ISSUE 45 | JANUARY 2020
WHAT’S IN STORE?: OUTLOOK 2020 ___ WINDOWS 7: THE END OF THE LINE ___ 3 WAYS ENTERPRISE CISOs CAN STAY IN CONTROL
SWITCHING GEARS
SONICWALL’S TERRY GREER-KING ON THE FIRM’S STRATEGIC MARKET FOCUS SHIFT FROM SMB TO ENTERPRISE
WWW.TAHAWULTECH.COM
HOME IS WHERE YOUR DATA IS.
Our new Data Center in the Kingdom of Saudi Arabia brings world-class cybersecurity expertise to your doorstep, ensuring the confidentiality, integrity and availability of your log & event data, without them ever leaving the country. Fully compliant with the NCA ECC-1 and the SAMA Framework, we now offer in the Kingdom of Saudi Arabia the full range of services of our award-winning ClearSkies™ Advanced Security Analytics Platform:
• • • •
ClearSkies™ SaaS NG SIEM Managed Security Services (MSS) / Managed Detection & Response (MDR) ClearSkies™ NG Endpoint Detection & Response (EDR) ClearSkies™ Advanced Security Analytics Platform for MSSPs (white-label)
Learn how you can benefit from the ClearSkies™ Advanced Security Analytics Platform. Reserve your free consultation now. Scan the QR code below to visit our website.
SCAN THE QR CODE TO RESERVE YOUR FREE CONSULTATION. www.odysseycs.com | www.clearskiessa.com
CONTENTS
20 22
14
THE BIG PICTURE
36
SonicWall’s Terry Greer-King on the firm’s enterprise strategy
08
OUTLOOK 2020
Industry experts share insights and predictions for the year ahead
24
TURN THE TAP ON
Corning’s Tony Robinson on how a network tap can help enterprises protect against breaches
26
CONVERSING WITH BOTS
What are the security implications in a world where people do not know that they are interacting with a computer or a person?
32 THE END OF THE LINE
Why organisations that haven’t updated from Windows 7 are now highly vulnerable to security breaches
12TH
Tuesday, 28th January 2020
Diamond Ballroom, Rixos Premium, JBR, Dubai
Have you nominated for the CIO 100 Awards yet? Hurry Last chance to nominate. Today is the last day to nominate and celebrate your tech excellence. The deadline for nominations is closing tomorrow 15th January 2020. Join our respected 12th Annual CIO Industry Awards event as we celebrate technology leaders who are evolving their organisations in 2020 and beyond. CIO 100 winners will receive their awards at our annual CIO 100 Symposium & Awards Ceremony and will also be featured in the February 2020 issue of CNME magazine. *CIOs, CTOs, IT directors and equivalents are invited to take part in the CIO 100 nominations.
#CIO100ME www.tahawultech.com/cio100/2020/ For sponsorship enquiries Kausar Syed Group Sales Director kausar.syed@cpimediagroup.com +971 4 440 9130 / +971 50 758 6672
Youssef Hariz Business Development Manager youssef.Hariz@cpimediagroup.com +971 4 440 9111 / +971 56 665 8683
Sabita Miranda Senior Sales Manager sabita.miranda@cpimediagroup.com +971 4 440 9128 / +971 50 778 2771
SILVER PARTNER
HOSTED BY
ORGANISER
OFFICIAL PUBLICATION
EDITORIAL
NEW YEAR’S RESOLUTIONS Talk to us: E-mail: adelle.geronimo@ cpimediagroup.com
Adelle Geronimo Editor
EVENTS
It’s a new year, which many people perceive as a clean slate—a brand new chance to change things and do better. This also marks a time for new year’s resolutions – for some people it’s about being healthier, learning new skills or taking a dream holiday. For organisations that want to stay resilient to new attacks that await them this new year, improving on cybersecurity should be on top of their new year’s resolutions. Looking back at 2019 and earlier, it’s clear that businesses have struggled to build effective cybersecurity programmes. Security threats are evolving at a rate well beyond the scale and capability of even the most prepared organisations. In 2020, organisations should commit to a new year’s resolution of achieving a higher level of cybersecurity readiness. This process
should begin with a top-down approach with everyone within the company committing to drive cybersecurity maturity and improvement. In this month’s issue, we spoke to several industry experts who shared their insights about what the security landscape will look like this year. Most of them highlighted that the new year will bring new threats and that as we develop new technologies the threat landscape will continue to expand. They also pointed out we can expect governments across the globe to implement stricter regulations around data security and protection. So, if the cybersecurity tools that you have in place keep you up at night because you’re not confident that it will protect your network, applications, and data, perhaps 2020 is a good time to re-think your security strategies.
Published by FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015)
Publishing Director Natasha Pendleton natasha.pendleton@cpimediagroup.com +971 4 440 9139 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9130 Business Development Manager Youssef Hariz youssef.hariz@cpimediagroup.com +971 4 440 9111 Senior Sales Manager Sabita Miranda sabita.miranda@cpimediagroup.com +971 4 440 9128
EDITORIAL Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135
DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 440 9140
Contributing Editors Daniel Bardsley Mark Forker Giorgia Guantario Sharon Saldanha
Designer Mhar Delaben marlou.delaben@cpimediagroup.com +971 4 440 9156 PRODUCTION Operations Manager Cherylann D’Abreo cherylann.dabreo@cpimediagroup.com +971 4 440 9107
DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh
Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE
Photographer Charls Thomas Maksym Poriechkin
Tel: +971 4 440 9100 Fax: +971 4 447 2409
webmaster@cpimediagroup.com +971 4 440 9100
Printed by Al Ghurair Printing and Publishing © Copyright 2019 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
NEWS
UAE MOCD STRENGTHENS SECURITY POSTURE WITH MICROSOFT
SAYED HASHISH, MICROSOFT UAE AND SAEED ABDULLA, UAE MOCD
The UAE’s Ministry of Community Development (MOCD) has teamed up with Microsoft to better secure its digital assets and protect against cyber-attacks. As part of the agreement, the ministry will adopt Microsoft’s Defender Advanced Threat Protection (ATP) to protect its digital perimeter and respond to endpoint attacks, advanced threats, fileless attacks and zero-day exploits. “As we work to improve social development in the UAE, and pursue the national agenda for Vision 2021, our responsibility to strengthen family coherence and consolidate the position of our nation as a place of happiness will rely more and more on a stable technology environment,” said Saeed Abdulla, Information Technology Advisor – Minister’s Office, UAE Ministry of Community Development. “To protect, detect and respond to sophisticated and advanced threats, we partnered with Microsoft to implements its security and compliance solutions. Our partnership will ensure seamless fulfilment of the vision our wise leaders have for our citizens and our country.” Considering how the threats landscape is evolving every day, thirdparty anti-virus solutions was insufficient to guard against sophisticated, fileless and zero-day threats, MOCD opted to standardise its cybersecurity strategy using Microsoft Defender ATP, leading to a simplification of operations and a more coherent defence of its digital estate.
6
JANUARY 2020
INFOBLOX ANNOUNCES ACQUISITION OF SNAPROUTE Infoblox has announced the acquisition of SnapRoute. SnapRoute’s talent and technology add significant depth to Infoblox’s suite of offerings and will help the company to simplify networking and deliver services more quickly and efficiently. SnapRoute’s cloud-native network OS together with Infoblox’s cloud-native network services platform promise to deliver a next level network experience. Infoblox’s BloxOne platform is built around cloud-native architectural principles, enabling the delivery of cloudmanaged secure network services at scale. With SnapRoute’s cloud-native OS, Infoblox will now be able to accelerate the development and delivery of additional network services on its platform. With its BloxOne Threat Defense solution and recently released BloxOne DDI solution, Infoblox has already delivered DDI and security centric services built on the SASE architecture. According to the company, SnapRoute’s technology, IP and exceptional talent will accelerate Infoblox’s ability to expand
JESPER ANDERSEN, INFOBLOX
the suite of SASE services offered on this cloud-native architecture. “We recognise that the future is in the cloud, and to meet customer demands for flexibility, scalability, adaptability, enhanced security and speed, it will become increasingly important for network and security services to be cloud-native,” said Jesper Andersen, President and CEO, Infoblox. “We are thrilled to welcome the SnapRoute team as we work together to leverage their innovative technology and IP to rapidly expand the services we offer on our BloxOne platform.”
F5 NETWORKS TO ACQUIRE SHAPE SECURITY FOR $1 BILLION F5 Networks and Shape Security have announced a definitive agreement under which F5 will acquire all issued and outstanding shares of the privately held Shape for a total enterprise value of approximately $1 billion in cash, subject to certain adjustments. Shape protects the largest banks, airlines, retailers, and government agencies. In particular, Shape defends against credential stuffing attacks, where cybercriminals use stolen passwords from third-party data breaches to take over other online accounts. Shape has built an advanced platform, utilising artificial
intelligence and machine learning, supported by powerful cloud-based analytics to protect against attacks that bypass other security and fraud controls. This acquisition brings together F5’s expertise in protecting applications across multi-cloud environments with Shape’s fraud and abuse prevention capabilities to transform application security. Together F5 and Shape offer organisations comprehensive, end-to-end application security, potentially saving billions of dollars lost to fraud, reputational damage, and costly disruptions to critical online services.
www.tahawultech.com
NEWS
SMB AND ENTERPRISE IT SECURITY BUDGETS DECLINE: KASPERSKY
SOPHOS UNCOVERS NEW VERSION OF SNATCH RANSOMWARE Sophos has recently published an investigative report, Snatch Ransomware Reboots PCs into Safe Mode to Bypass Protection, by SophosLabs and Sophos Managed Threat Response. The report detailed the changing attack methods of Snatch ransomware, first seen in December 2018, including rebooting PCs into Safe Mode mid-attack in an attempt to bypass behavioral protections that detect ransomware activity. According to Sophos, this is a new attack technique adopted by cybercriminals for defense evasion. Continuing a trend noted in SophosLabs’ 2020 Threat Report, the Snatch cybercriminals are now also exfiltrating data before the ransomware attack begins. This behavior has been used by other ransomware groups, including Bitpaymer. Sophos expects this sequence of exfiltrating data before ransomware encryption to continue. Businesses needing to comply with GDPR, the upcoming California Consumer Privacy Act and other regulatory laws may need to notify data protection regulators if they are victims of Snatch. Snatch is an example of an automated, active attack, also outlined in SophosLabs’ 2020 Threat Report. Once attackers gain access by abusing remote access services, they use hand-to-keyboard hacking to move laterally and do damage. As explained in the Snatch report, attackers are gaining entry through insecure IT remote access services, such as (but not limited to) Remote Desktop Protocol (RDP).
www.tahawultech.com
Despite cybersecurity spending growing year-on-year with almost nine percent growth in 2019, security budgets for SMBs and enterprise have fallen below the average spend. The figures came from Kaspersky IT Security Calculator, which revealed that 45 percent of SMBs and 50 percent of enterprises have fallen below the average spend, which is $205,000 for small and medium and $8 million for enterprise businesses. Globally, IT security budgets are demonstrating positive dynamics: as a number of analyst reports show, they continue to grow year on year. Kaspersky’s own survey of almost five thousand organisations across the world confirms this trend with 70 percent of respondents showing they expect their IT security budget to increase in the next three years. However, statistics from usage of the Kaspersky IT Security Calculator in
70%
OF ORGANISATIONS EXPECT THEIR IT SECURITY BUDGETS TO INCREASE IN THE NEXT THREE YEARS SOURCE: KASPERSKY
October 2018- 2019 revealed that some businesses are not keeping up with this trend, as their IT security spending is even lower than average. This is seen in 45 percent of calculations for SMBs and 50 percent for enterprise users of the toolOverall, budgets for SMBs were reviewed more actively (46 percent) than for enterprises (38 percent) and very small companies (16 percent). For small and medium businesses the budget issue can be even more complicated: it’s not only about money but also about the alignment of the budget planning process. It can be challenging because of demands on human resources and expertise in relevant cybersecurity risks and protection methods for different business services. “Budget planning is a very important process for companies as proper investments ensure a company is ready to meet current cybersecurity challenges and threats. Though it may be a complex task which demands a good understanding of business needs towards cybersecurity, how to address them and how much it can cost,” said Sergey Martsynkyan, Head of B2B Product Marketing, Kaspersky. “We at Kaspersky try to give organisations insights to help them with this process. Along with the report on IT security economics we prepare annually, the IT Security Calculator gives a glance on average cybersecurity spending, as well as specific threats and advice on protection measures”.
JANUARY 2020
7
FEATURE
WHAT’S IN STORE?: CYBERSECURITY IN 2020 AS WE ENTER A NEW DECADE, WHAT DOES THE FUTURE HOLD FOR THE CYBERSECURITY LANDSCAPE? SECURITY ADVISOR ME SPOKE TO TOP INDUSTRY EXPERTS ABOUT WHAT THEY THINK AWAIT SECURITY LEADERS IN THE NEW YEAR.
8
JANUARY 2020
www.tahawultech.com
www.tahawultech.com
JANUARY 2020
9
FEATURE
WHAT WILL THE THREAT LANDSCAPE LOOK LIKE THIS YEAR? WHAT ARE THE BIGGEST CYBERSECURITY THREATS IT LEADERS SHOULD WATCH OUT FOR?
them to think of new approaches to handle the security of their applications. Furthermore, ransomware is still the number one go-to for cybercriminals with financial incentives. They have also shown a great ability in customizing ransomware based on many factors such as the target industry and their place in the ecosystem. Therefore, enterprises should understand where they reside in the threat landscape. Finally, new emerging technologies such as artificial intelligence (AI), Internet of Things (IoT), and 5G networks will also play an important role on both sides of the cyber war.
ABDESLAM AFRAS, EXECUTIVE VICE PRESIDENT – GLOBAL MARKETS, ACCESDATA The threat landscape never fails to surprise us with new threats. This is because cybercriminals are getting smarter as they work hard to originate new maneuvers to circumvent any defense mechanism. They are always taking advantage of new and underdeveloped technologies to find ways to perform their illicit operations. On the other side, enterprises are always trying hard to keep abreast of the latest counter-attacks. As long as technology is ever present, this war will continue to evolve in the upcoming years, generating new threats and reinforcing old ones. One of these threats is data breach related to cloud applications. Cloud computing deployment are expanding, and enterprises are transitioning all their assets to the cloud. Couple this with the volumes of data being generated and it creates many security challenges for cloud providers, pushing
10
JANUARY 2020
based systems and the infrastructure of cloud service providers; denial of service attacks using compromised smart devices, such as IoT devices and consumer technology, like smart TVs; and increased government-sponsored attacks against critical infrastructure and public information systems.
NICOLAI SOLLING, CTO, HELP AG
JOHN PESCATORE, DIRECTOR OF EMERGING SECURITY TRENDS, SANS Threat landscapes change for two reasons: either advances are made that make older threats stop working; or attackers think up entirely new threats. We have seen many enterprises make advances in basic security hygiene around data protection, which has resulted in a reduction in data breaches. However, attackers learned that data backups were not being done regularly or thoroughly and this led to an increase in ransomware attacks. We expect to see that trend increase. The new threats in 2020 will likely focus on three key areas: attacks against cloud-
Cyber-attacks are becoming more sophisticated but at the same time the security industry is getting better at dealing with threats. Take ransomware for example – when compared to just three years ago, there have a massive improvement – both from a technical as well as a behavioural standpoint. Today, few organisations agree to ransom pay-outs while digital analytics and forensics have made it possible to track Bitcoin transactions, thereby overcoming the benefits of anonymity that cybercriminals enjoyed. At the same time, cybercriminals are changing their techniques and demonstrating a preference for targeted attacks. Across the globe, we’re seeing attacks that are fine tuned to exploit regional, linguistic, cultural and even organisational nuances. Instead of the broader target set, cybercriminals are opting for a focused approach in order to make their malicious activities more difficult to detect.
www.tahawultech.com
Oftentimes the prevention mechanisms of cybersecurity solutions are based on signatures and understanding of malicious behaviour, and while we have become much better at this, attackers are still getting smarter at evading detection. It is an unfair battle as it is significantly more difficult to detect the undetectable than it is to create something that can be easily found by the detectors. For this same reason, any technologies that are trying to prevent instead of detect are infinitively more effective.
target for cyber-attacks in 2020. Machine sign-on and identities will become the largest cybersecurity exposure point in 2020, overtaking humans. However, process and machine automation, if implemented and secured correctly by humans, could mitigate this rapidly emerging risk. Human employees may continue to remain the biggest weakness for any organisation. Phishing experiences of humans through malicious links embedded in emails, will change course in 2020. Phishing attacks will move away from using email as the preferred medium, towards SMS. Phishing attacks by SMS - SMishing, will increase by more than 100 percent in 2020. We will also see the first successful spearphishing by video. Spearphishing by video will be enabled by hackers leveraging tools like deep fake technology to look and sound like a trusted person.
WHICH TECHNOLOGIES WILL MAKE THE BIGGEST IMPACT ON THE CYBERSECURITY INDUSTRY IN 2020? KAMEL HEUS, REGIONAL DIRECTOR, NORTHERN, SOUTHERN EUROPE, MIDDLE EAST AND AFRICA, CENTRIFY Weaknesses in cloud security will likely be exploited. A 2019 Centrify study revealed 60 percent of organisations do not understand the cloud shared responsibility model, when it comes to who secures workloads in the cloud. This is creating a false sense of security in for cloud customers. In the shared cloud security responsibility model, customers are responsible for securing privileged access to their cloud administration accounts and workloads. This false sense of confidence around cloud security by end-user organisations is likely to be exploited by threat actors, making cloud environments the top
www.tahawultech.com
ABHIJIT MAHADIK, DIRECTOR – CYBERSECURITY SOLUTIONS, RAQMIYAT The “unknown” is the biggest cyber threat businesses will face. AI and
machine learning (ML) will become more prevalent in traditional business processes making a large impact on the cybersecurity industry in 2020.
AMMAR ENAYA, REGIONAL DIRECTOR – METNA, VECTRA Security operations are going to take a major shift to behaviour-based methodology for threat detection and response. Companies are already performing a stack ranking on the tools they have and the ones that don’t make the cut are going to be out. There are too many tools in the toolset and companies don’t want to pay for these anymore. New behavioural analytics techniques will reduce the total number of security tools in use within security operations today. Less is going to be more. ABDESLAM AFRAS, ACCESDATA: We should all agree that 2020 will come with its own security challenges. New malware, insider threats, and advanced persistent threats will surely come with new customized features. All these threats, and more, will require the security community to be serious about developing new security solutions to keep up with the growing threats. One of the solutions that proved its effectiveness in halting catastrophic cyber-attacks is AI. We
JANUARY 2020
11
FEATURE
have already seen security vendors flavor their products with AI-based features. As we find that old techniques and technologies are no longer able to stop hackers, we can expect to see an increase in availability of AI-based security solutions. On the other hand, cybercriminals will also start to use AI to their favour to craft more clever malware to avoid detection. So, the bottom line is that regardless of whether it’s used by attackers or defenders, AI will be more powerful than ever in the next year. Another technology that will have a great impact on the cybersecurity landscape next year is the emergence of 5G networks. As telecom companies are racing to adopt 5G networks, hackers are also working hard to use it to their advantage. The advantage of 5G resides in its speed which will be up to 5Gbps with almost no latency. This will open the door for new attack vectors as well as older ones such as DDoS attacks.
WHAT DO YOU THINK WILL BE THE KEY DRIVERS FOR SECURITY SPENDING?
MIKE LLOYD, CTO, REDSEAL We are mid-way through the transition to the cloud, leaving most networks as a complex hybrid. Managing that
12
JANUARY 2020
complexity will be a major spending driver. Another key driver is compliance as the regulatory landscape continues evolve new regulations will drive spending. Lastly, cyber insurance will increase in importance in 2020, and this will steer spending towards defences that insurance providers want to see, in much the same way that car insurance drives car safety features.
‘grey area’ corporate reporting to avoid unwanted headlines.
HOW WILL CYBERSECURITY ROLES EVOLVE?
KARL LANKFORD, DIRECTOR – SOLUTIONS ENGINEERING, BEYONDTRUST
RYAN TROST, CO-FOUNDER AND CTO, THREATQUOTIENT Security drivers for 2020 include compliance/regulation needs, increase collaboration efforts across roles, and implement ransomware strategies. Compliance is always a driving force for security teams as organisations continue to evolve their security practice amongst slow but steady improvements to global privacy and security regulations. Collaboration across teams during an incident or simply an investigation provides a more effective defensive posture and managers are currently earmarking budget to help with this. Over and over we see organisations fall victim to ransomware attacks and unfortunately companies need to plan for the worst-case scenario. Several third-party vendors have even surfaced which specialise in ransomware payouts; which offers some
We will see a shift in the way the business talks about cybersecurity. We will see an expansion of cybersecurity content across the business, especially as more digital natives enter the organisation in senior roles. Broadly speaking, the workforce will have a better fundamental understanding of cybersecurity and privacy. In terms of cyber-specific roles, I think we’ll see more organisations accepting the need for continuous professional development because of the nature of the evolving risk. JOHN PESCATORE, SANS: The biggest advances in cybersecurity will be made when the security team is able to get security “baked in” across the company. That is when software architects can be convinced to build security monitoring capabilities into DevOps platforms; procurement managers can be convinced to include security evaluation criteria in procurement
www.tahawultech.com
of sensitive technology and services; and corporate management and directors can be convinced to back changes in corporate strategy that can better protect information and customers. To do this, the major role change is for the CISOs to increase their abilities to communicate outside of the security group and to drive change.
WHICH ASPECTS OF SECURITY DO YOU THINK CISOs NEED TO FOCUS ON THIS YEAR?
SUBHALAKSHMI GANAPATHY, PRODUCT EVANGELIST, MANAGEENGINE CISOs should focus on investing in integrated security systems that identify threats in real time, have analytical capability for providing swift response, combat insider attacks, ensure accountability in resolving security incidents, and seamlessly communicate with IT operations for better analysis. They should also focus on AI-powered cybersecurity to combat sophisticated attacks. They must see value in investing in explainable AI technologies, protecting AI training data and the ML models, and adopting technologies like homomorphic encryption. Plus, CISOs should focus on taking cloud security to the next level by fostering
www.tahawultech.com
a strategic cloud security culture across departments. Concentrating on privileged access management—and synchronizing it with the on-premises environment, in the case of hybrid platforms—will help prevent unauthorized access and data leakage. Endpoint protection should also be a top priority. AMMAR ENAYA, VECTRA: Too often the security function is seen as inhibitive by their internal stakeholders ― a department that too often says ‘no, you can’t do that’. The CISO to be a trusted advisor that partners with the lines of business, leading the discussion about risk, and being part of the solution that appropriately secures and enables new business initiatives. In progressive organisations, cybersecurity isn’t just seen as a technology and policy issue. The line of business needs to take some accountability for security decisions that affect them, so that security becomes a shared issue across all elements of the enterprise. This changing of organisational mindset isn’t easy — it takes time, and requires an adept CISO who can move, influence and carry respect in both the business and security and risk domains. A successful CISO is a catalyst to embedding a positive security culture across the organisation.
WHAT OPPORTUNITIES AND CHALLENGES WILL THE UPCOMING EXPO 2020 BRING TO THE REGIONAL SECURITY INDUSTRY? NICOLAI SOLLING, HELP AG: There’s no doubt that Expo 2020 will be a tremendously large security exercise in terms of both the scale and complexity of technologies needed to protect the infrastructure and visitors to the country.
From what you can read in the press, the Expo site will be a technological marvel with smart-city innovations and IT integrated into every technical installation. At the same time, the Expo is a highprofile event with great visibility on a global scale. While all of this is exciting for us it is unfortunately also exciting for threat actors. We saw this at the 2018 Winter Olympics in South Korea where there was a significant amount of specifically tailored malware targeted at the event organizers, participants and visitors. Since the Expo will be such a massive event from a media perspective, we can expect that phishing campaigns will also use this event both on a local and global scale, to impact both businesses and individuals. SUBHALAKSHMI GANAPATHY, MANAGEENGINE: Being one of the most popular shows, Expo 2020 will facilitate extensive peer learning among cybersecurity professionals worldwide. It will present the opportunity for security professionals to learn new techniques to tackle cybersecurity issues, understand the compliance standards across the globe, and provide a glimpse of integrated security systems and services. ABHIJIT MAHADIK, RAQMIYAT: Cybersecurity measures are needed to both protect, as well as grow a business, regardless of the industry. Expo 2020 brings industry leaders from all the sectors across the world offering opportunities for business growth. The most innovative and game-changing security solutions for AI, blockchain, 5G, IoT and enterprise cybersecurity will be a showcase. There are also exponential business opportunities that can be expected.
JANUARY 2020
13
COVER FEATURE
THE BIG PICTURE
IN AN EXCLUSIVE INTERVIEW, SONICWALL’S VICE PRESIDENT FOR EUROPE, MIDDLE EAST AND AFRICA (EMEA) SALES – TERRY GREER-KING, SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS THE FIRM’S STRATEGIC MARKET FOCUS SHIFT FROM SMB TO ENTERPRISE AND SHARED INSIGHTS INTO THE FUTURE OF CYBERSECURITY IN A CONNECTED ERA.
N
early three decades ago two brothers Sreekanth Ravi and Sudhakar Ravi founded Sonic Systems to develop Ethernet and Fast Ethernet cards, hubs and other networking gears, which are focused on the Apple market. In the late 90s, the company launched a security product named Interpol, which it later rebranded as SonicWall. The product was a firewall and virtual private networking appliance aimed at small and medium businesses. With the success of the product, the company took off and shifted its focus to become a network security firm. This led the organisation to officially change its
14
JANUARY 2020
name to SonicWall. Since then, the company has witnessed tremendous success and has continuously evolved its portfolio offering products such as next-generation firewalls, unified threat management (UTM) and email security among others. Through its vast array of offerings, SonicWall enables organisations to innovate, accelerate and grow with security on top of mind. In early 2012 it was acquired by technology giant Dell, four years later it spun out as an independent company following private equity firm Francisco Partners and hedge fund Elliott Management’s acquisition of the cybersecurity vendor. SonicWall’s innovations are deeply rooted in protecting organizations in the SMB space, however, over the
past year the company has increased its investments in its resources as it looks to grow its footprint among large enterprises. Leading this strategic shift in the EMEA market is the company’s vice president for sales for the region Terry Greer-King. What have been some of the highlights at the company over the past year? We have seen tremendous opportunities in every region that we are present in. Over the past year, we have also acquired a number of significant projects across multiple industries in our pipeline. In the last six months, the engagements that we’re involved in and some of the deals that we are closing are accelerating substantially as compared to the beginning of last year.
www.tahawultech.com
www.tahawultech.com
JANUARY 2020
15
COVER FEATURE
There is a huge demand from our customers across both public and private sectors to hear directly from us, which I believe is a sign that our offerings are increasingly becoming relevant to them. In addition, we have re-aligned our structure when it comes to our approach in the market. In line with this, we have bolstered our workforce and added over 100 new people into our sales team globally. SonicWall is increasingly shifting its market focus from SMB to enterprise, what is the driver behind this? Being a part of the industry for 20 years now, I have seen how the market has evolved and how security has grown to become a vital part of that transformation. If you observe the market trends over that past few years, you will see that despite enterprises increasing their investments into the latest IT security tools and governments introducing stricter regulations, security breaches remain a regular occurrence. This is primarily because of the lack of integration between multiple security solutions. It is not uncommon for large enterprises to deploy multiple IT security technologies from different vendors. In fact, during the recent past this has been the norm. However, these different technologies don’t always work well together, which oftentimes make organisations more vulnerable to cyber-attacks. This coupled with the current global shortage of trained security professionals, increases the demand from enterprises for security providers that have the capabilities and the technologies to help them cope with this gap.
16
JANUARY 2020
“WE WILL RETAIN OUR FOCUS ON THE SMB SPACE. BUT WE WILL PROGRESSIVELY INCREASE OUR MARKET SHARE IN THE ENTERPRISE MARKET.” So, the driver behind our market focus shift from SMB to the enterprise is simple – we have both the capabilities and the technologies that are beneficial to large enterprises. We have a wide array of offerings including firewalls, wireless security, cloud security, endpoint security, email security and remote access management among others. Subsequently, over the past two years, we have increased our capabilities in supporting organisations optimise these technologies through our managed security services programme. We will retain our focus on the SMB space. But we will progressively increase our market share in the enterprise market. Can you please tell me about SonicWall’s strategy for penetrating the enterprise market? We have recently added over 100 people into our global sales team. We have adopted a ‘direct touch’ approach. This means we engage with our enterprise customers directly to understand their specific security requirements, what they want to achieve and help them understand our capabilities and how they can best take advantage of them. However, we want to reassure our partners that we are still 100 percent
channel-focused. Our direct touch approach doesn’t mean we take the business straight from the customers, we only strengthen our engagement with them. We believe this will create large opportunities for us and our partners. According to Gartner, there will be 25 billion Internet of Things devices by 2025. What role can SonicWall play in securing the connected era? The Internet of Things is going to change everything we do. It will give people the capability to control everything within their homes, business and even cities.
www.tahawultech.com
“WE HAVE ADOPTED A ‘DIRECT TOUCH’ APPROACH. THIS MEANS WE ENGAGE WITH OUR ENTERPRISE CUSTOMERS DIRECTLY TO UNDERSTAND THEIR SPECIFIC SECURITY REQUIREMENTS, WHAT THEY WANT TO ACHIEVE AND HELP THEM UNDERSTAND OUR CAPABILITIES AND HOW THEY CAN BEST TAKE ADVANTAGE OF THEM.”
This hyper-connectivity presents tremendous benefits but it will also open various points of ingress that are vulnerable to attacks. So, it’s important that we embed security into IoT from the get-go from sensors to devices, applications and so on. There are a plethora of security solutions required in IoT and we’re at the forefront of this. What can we expect from SonicWall in 2020? We will continue to invest significantly in our security
www.tahawultech.com
innovations, particularly around cloud and and how it can be integrated with other providers. We’re also increasing our support to customers through our MSSP programme, allowing customers to take advantage of a pay-as-you-go giving them the flexibility to maximize our offerings. We’ve also introduced the SonicWall University, which is an educational forum for internal SonicWall stakeholders, our partners and our customers. This
is aimed at not only educating them but also helping create new revenue streams for them. Of course, we will continue to enhance our direct touch market approach and drive more awareness to our focus on enterprises. We want to change the perception of SonicWall as an SMB company. While we are very proud of our pedigree in the SMB market, we want to spread awareness that we can do so much more. We seek to do this through marketing and awareness campaigns, roadshows and taking part in industry events.
JANUARY 2020
17
INSIGHT
DIGITAL LANDSCAPE OR DIGITAL RISKSCAPE? ANDREAS REX, SHOW DIRECTOR, INTERSEC, DISCUSSES THE RISING MALWARE ATTACKS IN THE UAE AND EXPLAINS WHY THIS YEAR’S INTERSEC IS A MUST-ATTEND FOR INFORMATION SECURITY LEADERS.
A
s businesses rush to embrace digital transformation in the Industry 4.0 era, recent research by international cybersecurity experts shows that while cyberspace can deliver superior efficiency and productivity benefits, it can also put businesses at severe risk. Research from Kaspersky points to a rise in malware attacks throughout the Middle East. In the UAE alone, the research states that attacks shot up by 12 percent in Q1 of this year compared to the first three months of last year. The statistics are mindboggling. Over Q1 this year, some 23.4 million malware threats were reported in the UAE and 1.1 million phish attacks – that’s an average of over 12,000 threats every day! And, in an era of the modern workplace when mobility is essential, comes an equally disturbing factor – mobile users are apparently proving even more vulnerable. Some 52,607 mobile malware attacks in the UAE spiked by 20 percent year-on-year.
18
JANUARY 2020
Experts put the rising trend down to a culmination of factors, among them inappropriate use of employer’s IT property and unsecured sharing of company data via personal mobile devices. Analysts warn that malicious or criminal attacks are behind 61 percent of data-breaches in Saudi Arabia and the UAE. What the research points out is that threats don’t just come from outside an organisation, they can be instigated by those inside and it delivers a stark wakeup call to companies that security within, will lessen the threat from the outside. Cybersecurity experts are now unanimous in advising companies to design 360 degree inside-out, outside-in cybersecurity plans as part of their sales and growth strategies – because both can be stopped in their tracks by one successful cyber-attack. The risks, warn the experts, are too great to be ignored. They point out that a single successful cyber-attack can result in major production losses through enforced critical downtime. It could cause
huge reputational damage which could prove massively costly to rectify both in terms of time and money and a fall-off in consumer trust, which could force even the most loyal into a competitors’ arms. There could be a loss of vital corporate and financial information and even fines from regulatory authorities for breach of any legal requirements such as those inherent in Bahrain’s new game-changing Personal Data Protection Law (PDPL) which came into force in August this year. According to experts, it isn’t just the big boys that are at risk. Cybercriminals, it seems, believe size doesn’t matter when it comes to attacks putting just about everyone at risk from SMEs to enterpriselevel organisations. Indeed Verizon’s 2018 Data Breach Investigations Report says SMEs were the victims in 58 percent of malware attacks last year. And experts say that the threats are becoming more frequent and ever more complex and with the transition towards a mobile, modern workplace, company data is now being accessed from everywhere
www.tahawultech.com
“Phishing is a highly effective way for cybercriminals to infect businesses with malware. It can start a ransomware attack, quickly spreading from PC to PC and until the ransom is paid, businesses will be unable to access essential files and services.”
and from a range of mobile and personal devices. Also, cybercriminals have realised that employees could be their easiest gateway into company resources. Email is probably not the first thing that comes to mind when business managers are considering how to guard against the increasing scourge of cybercrime. But apparently it should be, because email, while undoubtedly a business lifeline, is also the most common way for cybercriminals to infiltrate an organisation. Email is most vulnerable to cyber-attack because of the growing number of threats including, business email compromise, ransomware, banking trojans, phishing, social engineering, malware and spam. The issue has come into stark focus with the publication of a Barracuda Networks survey of IT security professionals throughout EMEA (Europe, the Middle East & Africa). The results show that 80 percent of organisations faced an email-borne, cyber-attack in the year June 2017-June 2018. What’s more most respondents – some
72 percent – believe the cost of emailrelated breaches is increasing. That fear is supported by a Ponemon Institute study which puts Middle East spend on post-breach response at $1.43 million – and that’s without the hidden costs of productivity disruption, and reputational damage. Further, some 73 percent of respondents are expecting the frequency of email attack to increase and 70 percent reported being more concerned about email security now, than they were five years ago. Take phishing and spear phishing where an employee is tricked into clicking a malicious link in an email. With spear phishing, an email seems to come from someone the recipient knows and trusts, such as a senior manager or a valuable client. Phishing is a highly effective way for cybercriminals to infect businesses with malware. It can start a ransomware attack, quickly spreading from PC to PC and until the ransom is paid, businesses will
be unable to access essential files and services. Ways of ring-fencing against the threat are to come under the spotlight at the Intersec Future Security Summit, which will run alongside the 22nd edition of Intersec at the Dubai World Trade Centre from 19 to 21 January 2020. This is when industry experts will analyse critical security threats, examine security loopholes in business ecosystems and discuss how cutting-edge technologies can be tailored to meet evolving security requirements. In addition to the Future Security Summit, the Intersec Arena will also have a cybersecurity track, while Intersec’s Information Security section has around 100 exhibitors showcasing the full gamut of cybersecurity, from AntiVirus Software and Anti-SPAM Filters, to Back-up / Recovery Systems, Software Protection, and Biometric Identification Systems. Without pre-empting the Summit, the likelihood is that the experts will be uncompromising in their messaging that the threats are not going away and the solution is to swiftly utilise the latest security technology to guard against them. The risks are too great and their impact too severe, not to sit up and listen.
INSIGHT
TWO CAN PLAY THAT GAME TAREK KUZBARI, REGIONAL DIRECTOR – MIDDLE EAST, BITDEFENDER, SHARES INSIGHTS INTO HOW ORGANISATIONS CAN OUTWIT CYBERCRIMINALS WITH SUPERIOR THREAT INTELLIGENCE.
M
ost breaches start with an email. These ubiquitous messages are the most dangerous cyber threat even in the technologically advanced and industriali sed Middle East. Whether they hide malware or impersonate an executive ordering money transfers, email-borne attacks are constantly honed to bypass perimeter defenses. Defending an organi sation against today’s advanced cyber-threats is a Herculean feat. According to a survey by Bitdefender, the strain is so acute that 53 percent of security professionals
20
JANUARY 2020
are considering resigning if they can’t increase their budgets or hire more staff. However, forward-looking decision makers have found an efficient way to alleviate this pain point. Instead of taking the placebo path and piling countless layers of disparate security solutions on top of one another, in the hopes of filling all cyber-security gaps, IT leaders today are turning to a simpler and smarter approach — enter actionable cyber threat intelligence (CTI).
Weaving threat intelligence into your cybersecurity fabric According to the 2019 Gartner Market Guide for Security Threat Intelligence Products and Services, 20 percent of large enterprises will use commercial CTI services by 2022 to bolster security — an increase from fewer than 10 percent today. But why is threat intelligence suddenly such an appealing approach to combating advanced cyber-threats? Today’s high-performing companies are embracing threat intelligence for
www.tahawultech.com
an array of uses, such as security data augmentation, phishing investigations, incident response, vulnerability management and detailed malware analysis. CTI lets security teams improve defences by triaging and prioritising alerts while increasing efficiency and productivity. Often integrated with Security Information Event Management (SIEM) or Endpoint Detection & Response (EDR) solutions, CTI correlates data gathered from inside the enterprise with indicators about external threats. By narrowing the range of threats marked for investigation, threat intelligence can more quickly and accurately identify the risk of a breach, or a breach that is penetrating your infrastructure. But, in one area, TI makes all the difference: email. Email – still the most common attack vector Data collected by Bitdefender researchers in the past 12 months indicates that the global volume of spam has increased 48 percent year-over-year. Spam remains a key delivery mechanism for malware, (banking Trojans, ransomware, etc.), or scams like the Nigerian prince, fraud and impersonation (business email compromise / BEC). Spam is the go-to weapon for cybercriminals. It can help in social engineering by gaining victims’ trust and compelling them to quickly open an attachment, click a link, type in a password, or even wire funds directly to the attacker’s account. Spam takes many elusive forms, some of which can sneak past perimeterlevel defenses, like next-gen firewalls and intrusion prevention and detection systems (IPS / IDS). Spear-phishing and whaling — also members of the spam family — are even bigger threats to an organi sation. Whaling scams, also known as Business Email Compromise
www.tahawultech.com
“CTI LETS SECURITY TEAMS IMPROVE DEFENCES BY TRIAGING AND PRIORITISING ALERTS WHILE INCREASING EFFICIENCY AND PRODUCTIVITY. ”
(BEC), essentially forge a boss’s email address, or compromise the boss’s email account outright in order to send fraudulent messages inside the organi sation. Typically, BEC operators ask a victim to transfer funds into a bank account they control. BEC scams have so far netted over US$12.5 billion, according to the FBI’s cyber-crime fighting group, the IC3. Emails sent in the name of the CEO can easily get past your firewall unless your filters use proper threat intelligence to spot the scam. So, how can security teams leverage threat intelligence to combat hackers’ most successful attack avenue? Well, it all boils down to the quality of the filters employed to parse the data. This is the key selling point for TI vendors and the key to success for prospecting buyers alike. Fine grain detection Applied to spam, phishing, spearphishing and whaling, threat intelligence can catch malicious emails targeting certain industries, sniff out emails laced with elusive malware, and spot campaigns using sophisticated methods to evade detection. For example, machine learning models analy se the text in the email for even the smallest clues that something is amiss. IP, domain and URL reputation (spam threshold from those sources) are
measured constantly for blacklisting and whitelisting. Tags — like employment, lottery, stock, pharma and dating — help categori se emails as suspicious before other filters kick in to infer or rebuff the validity of the email. And the list goes on. Current threat intelligence vendors overestimate the customer’s capabilities. All of the above can be served up directly to your security team, or, if you lack the manpower and skill in-house, you can outsource it to your vendor’s army of security experts trained to tweak those knobs for you, based on your business model, industry type, technical requirements, etc. In the context of spam, threat intel correlates data points from multiple levels and angles to determine whether the email you are looking at is malicious or legitimate. Separate the best from the rest When choosing your threat intel vendor, first look for easy integration with your existing tooling (SIEM, TIP, SOAR), targeted threat intelligence based on company profile, and predictive and strategic data. The best vendors deliver top-rated security data and expertise by leveraging dedicated anti-spam, anti-phishing and anti-fraud technologies, indicators of compromise on every layer of your infrastructure, internal crawling systems, email traps, honeypots and data from monitored botnets, advanced heuristics and content analysis. Top rated solutions also include an internal virtual machine farm that executes prevalent malware and collects threat information and, ideally, collaborates with other cybersecurity industry players, international organi sations and law enforcement agencies. And last, but certainly not least, always prospect those vendors whose reputation precedes them.
JANUARY 2020
21
INSIGHT
THREE WAYS CISOs CAN REMAIN IN CONTROL OF THEIR ENTERPRISES YASSER ZEINELDIN, CEO, EHOSTING DATAFORT, EXPLAINS WHY THE EMERGENCE OF MODERN SOCs, RISK ASSESSMENT PRACTICES, AND VENDOR DRIVEN SERVICES ARE LIKELY TO BOOST THE PERFORMANCE OF THE CISO ROLE.
22
JANUARY 2020
www.tahawultech.com
T
he recently concluded Gartner Security and Risk Management Symposium in Dubai, presented some jaw dropping statements. One of them was that 95% of GCC CIOs expect cybersecurity threats to get worse. Clearly CISOs are anticipating the consequences of various ongoing external challenges including growing technology complexity, growing sophistication of global and regional threat actors; and internal challenges such as disconnect on security spending, existing chasm with the Board, and lack of eye to eye with business peers, to impact them going forward. While digital transformation and cloud adoption is now on the drawing board of almost every CEO in the region, they are equally wary to exposing the organization to unanticipated threats from Cloud and other digital initiatives such as IOT etc. For example, industrial and manufacturing organizations that use control systems and automation, are now fully aware that a cyber security breach in the ICS systems, can also impact them in the mechanical world, destroying expensive equipment and paralyzing their core operations for days and paralyzing the business The sheer lack of qualified and skilled cyber security and risk management talent is also throwing another spanner inside the region. The number of unfilled cybersecurity roles globally is expected to grow from 1 million in 2018 to reach 1.5 million by the end of 2020. In another performance indicator about the region, Gartner analysts point out $825 million will be spent in 2020 on cybersecurity services in the
www.tahawultech.com
MENA region. This will be out of a total enterprise security spending in MENA of $1.7 billion in 2020, or close to 50% of the total. In other words, delivering cybersecurity services will drive half of the regional MENA market dynamics. Managed Security Services are proving extremely popular in the region due to lack of in-house skills. The wide, global and regional shortage of skilled security professionals implies that regional organizations will need to start thinking very differently about recruitment and retention. Here are some other independent trends that regional CISOs and security risk management heads need to be aware of. Regional enterprises need to look at revamping their security operation centers and taking them to the next modern level. Going forward, security operation centers will need to balance their capabilities across prevention, detection and response. Security operation centers will increasingly be looked at, as a business asset. This change is expected to happen rapidly and by 2022, 50% of global security operation centers will transform into modern setups with cutting edge security solutions, integrated incident response, threat intelligence and threat hunting capabilities, up from less than 10% as it was a few years ago Communication with business peers – while being increasingly invited to attend steering group meetings the road to enhance the security posture
CISO SHOULD ADAPT THE TREND TO TAKING VARIOUS SECURITY SOLUTION AS SERVICE WHERE POSSIBLE RATHER THAN TRYING TO BUILD IT IN-HOUSE.� is still a challenging one as CISOs and security risk managers. are struggling to connect the dots between security vulnerabilities, security spending, and business critical operations. Going forward, they will need to present their boards, solutions that will provided continuous visibility to the business risks originating from cyber threats, compliance to regulatory standards, KPI indicative of cybersecurity plans and initiatives etc With cybersecurity skills are in shortage, vendors may soon face the inevitable inflexion point where there are no longer skills in the market to support their product and solution sales. Vendors are expected to move towards a model of selling out hardware and licenses with services. CISO should adapt the trend to taking various security solution as service where possible rather than trying to build it in-house. Moving forward, CISOs and security risk management heads will need to master the above strategies and practices to remain in the race.
JANUARY 2020
23
INSIGHT
TURN THE TAP ON DIGITAL TRANSFORMATION AND CLOUD COMPUTING HAVE CHANGED THE BUSINESS TECHNOLOGY LANDSCAPE, BRINGING AN ENHANCED FOCUS ON NETWORK SECURITY AND INFRASTRUCTURE. A NETWORK TAP CAN BE A KEY IMPLEMENTATION TO OPTIMISE UPTIME AND PROTECT AGAINST BREACHES. TONY ROBINSON RCDD CDCDP CNIDP, GLOBAL MARKET DEVELOPMENT MANAGER, CORNING OPTICAL COMMUNICATIONS, EXPLAINS HOW.
T
he move into cloud in recent years for businesses has been quick and wholesale. There are advantages to be gained from shifting core business systems and applications into the cloud, but this move must come with the robust security to match. Disrupted services or data breaches could be catastrophic and can mean loss of reputation and revenue, particularly with the highly sensitive data entrusted to government bodies, including citizens’ health records and personal data. Software is certainly important, yet hardware must be a consideration of the security mix too. Cloud adoption introduces new hardware vulnerabilities. Applications are hosted outside the internal data centre, making it difficult for network administrators to track and analyse network performance
24
JANUARY 2020
in real-time. System lag and switch overutilisation could crash critical applications in the data centre and storage area network (SAN). As a result, data centre teams need to continually monitor for potential security threats such as denial-of-service attacks, and identify bottlenecks or other performance issues quickly. Steps to a secure environment There are a number of steps that organisations can take to ensure a more secure cloud environment. Involving network administrators and structured cabling teams to adopt a preventive approach with network monitoring, is not only effective in detecting errors and offering access to performance and utilisation data, but also ensures the accuracy of changes to produce only desired results.
In addition, a technology currently used in network monitoring systems is tap (traffic access point). A tap is a passive component that allows non-intrusive access to data flowing across the network and enables monitoring of network links. A tap uses passive optical splitting to transmit inline traffic to an attached monitoring device without data stream interference, thus ensuring no disruption to the live network. Tap technology an uptime enabler Maintaining uptime is a critical focus for businesses to maximise productivity and value for their IT networks and applications. Therefore, it is wise to implement solutions that allow network monitoring without affecting live applications. Network monitoring when implemented optimally should
www.tahawultech.com
“MAINTAINING UPTIME IS A CRITICAL FOCUS FOR BUSINESSES TO MAXIMISE PRODUCTIVITY AND VALUE FOR THEIR IT NETWORKS AND APPLICATIONS.�
allow individuals to see all network traffic including errors, regardless of packet size, in real time to allow preventative actions to be taken quickly and efficiently rather than a more costly, corrective approach after the event. Taps are truly passive and do not add any additional load onto the live network. Because the device simply splits a signal instead of replicating it, a portion of the signal can be taken offline, or out of band, to conduct analysis of the input/ output (I/O) traffic without affecting live applications. For these reasons, optical tapping is becoming a more popular solution for higher data rates. To integrate or not to integrate As network taps become more popular, a decision for procurement and security teams then becomes how this solution
www.tahawultech.com
is implemented. Not all taps are created equal, and it is important for businesses to understand the options available to them. The first consideration is location. Presenting the tap port as an MPO connector in the rear of the module will provide maximum flexibility when designing a structured cabling network. The MPO connector footprint allows separation of live production network ports and tap ports into different cabinet locations if desired. Using this capability to centralise the active monitoring equipment, rather than installing across multiple cabinet locations throughout the data centre, provides cost savings by optimising the use of active monitoring equipment and reducing the risk of patching errors. There are further considerations too. A tap can be either integrated or non-
integrated into your structured cabling and can use either fused biconical taper (FBT) splitters or thin-film splitters. Generally, integrated taps are providing better solutions for those looking to monitor their networks. Not only do they perform the same function as a normal structured cabling network, but also send a portion of light to the monitoring electronics. An integrated tap module allows moves, adds, and changes (MACs) to monitored ports without disrupting the live network, and can annually save up to eight hours in downtime. A powerful advantage of an integrated tap module is that the solution can be directly installed into structured cabling. Since integrated tap modules occupy the same space as traditional MPO or LC modules, adding monitoring to an existing network is as simple as swapping out a traditional module for a tap module. Tapping into the future? The need for data and the capability for businesses to store, analyse and manage it will only increase. This, in turn, means that potential cost considerations of a data breach will also grow. From a hardware point of view, companies need to fully understand their networks, and to integrate security and monitoring solutions that are scalable. Tapping provides this possibility, making it a pragmatic and realistic option that provides a robust, long-term solution.
JANUARY 2020
25
FEATURE
CONVERSING WITH BOTS WHAT ARE THE SECURITY IMPLICATIONS IN A WORLD WHERE PEOPLE DO NOT KNOW THAT THEY ARE INTERACTING WITH A COMPUTER OR A PERSON? SECURITY CORRESPONDENT DANIEL BARDSLEY INVESTIGATES.
M
any of us have answered the telephone only to find that the person on the other line is not a real person at all. The voice on the other end of the line may sound very similar to a human being, but the stilted delivery and lack of small talk give the game away. We are talking to a bot. Law firms searching for people who have suffered accidents sometimes use bots when attempting to drum up new clients, as do companies attempting to convince individuals that their home computers have been hacked. A fascinating new study undertaken by UAE researchers highlights the way in which we often do not react well when dealing with bots. Published in Nature Machine Intelligence, the study involved testing
26
JANUARY 2020
how people behave when playing the “prisoner’s dilemma” game with a bot or a person. A favourite test bed for game theory researchers, prisoner’s dilemma can be carried out by over multiple rounds by two individuals who have to choose each time whether to cooperate or betray the other. If both cooperate, each gets a modest pay-off. When both choose betrayal, each suffers. So it might seem that both should always cooperate. But there is a complication: if one cooperates and the other betrays, the player who carries out the betrayal receives a larger pay-off than if both cooperate. Over repeated
www.tahawultech.com
games, the best strategy for both is to cooperate, but the temptation is always there to betray the other and receive a higher pay-off for that round.
www.tahawultech.com
As described in the paper, which is entitled “Behavioural Evidence for a Transparency-Efficiency Trade-off in Human-Machine Cooperation”, hundreds of volunteers took part in the study online. About a quarter of the volunteers played against a bot and were told
that this was the case, while a further quarter played against a bot but thought they were playing against a human. Another quarter played against a human and were informed of this, while the other quarter played against a human but had been told that the other player was a bot. Overall, the bot got better results than the human player, which is perhaps not surprising given the emotional detachment and improved powers of analysis of bots. But, in a crucial result, the bots performed worse when the people that they were playing against knew that they were up against a bot. From this we can conclude that people react poorly to dealing with bots and are more likely to react well to a human. As a result, bots are better off pretending to be human. The study’s authors include Dr Talal Rahwan, an associate professor of computer science at New York University Abu Dhabi, and two researchers from the Department of Computer Science at Khalifa University, Abu Dhabi, Dr Fatimah Ishowo-Oloko and Zakariyah Soroye. Their co-authors are based in France, Germany and the United States. The study is of particular interest because bots are becoming increasingly convincing at posing as people. For example, Google’s Duplex technology wowed the audience at the 2018 Google I/O developer festival at Mountain View, California, when the company replayed a call of Duplex ringing a restaurant to make a reservation. There was little, if anything, to distinguish Duplex from a person. It was even able to add
JANUARY 2020
27
FEATURE
“FOR INSTANCE, RECORDED HUMAN VOICES USUALLY HAVE VARYING PHASES, WHICH CORRESPOND TO THE DIFFERENT TIME SOUND WAVES REACH THE RECORDING DEVICE.” - Professor Siwei Lyu, University at Albany, State University of
New York
in the occasional “ermm” and other such imperfections of normal speech, so that the person on the other side of the line apparently remained unaware that they were talking to a piece of artificial, rather than real, intelligence. Within limits, Duplex can even put conversations back on track if they veer off topic, so it is more versatile than might be imagined. While impressing many from a technological perspective, the 2018 demonstration suggests that such technology could result in a situation in which individuals speak to bots without realising that they are doing so, leading to concerns that fraudsters in particular might try to exploit the technology. In a statement released by NYU Abu Dhabi on the publication of his recent study, Rahwan said that, although there was a consensus that machines should be open about how they make decisions, it was “less clear whether they should be transparent about who they are”. He went on to ask if we should prohibit bots from passing as humans, and require them to announce who they are. “If the answer is ‘Yes’, then our findings highlight the need to set standards for the efficiency cost that we are willing to pay for such transparency,” Rahwan was quoted as saying. Many specialists in human-robot interactions take the view that it is important for bots to announce who they are. Professor Marc Hanheide, a professor of intelligent robotics and interactive systems at the University of Lincoln in the United Kingdom, describes it as a “moral obligation” for them to do so.
28
JANUARY 2020
“It’s like if you call me and tell me you’re someone else. They need to introduce themselves in the right way and be very explicit on who they are,” he says. Google has built precautionary elements into Duplex, such as ensuring that the system lets the person it is conversing with know that it is a bot. Also there are limits on how many calls an individual could make using Duplex, and how many calls a business could receive, to prevent spamming. But Duplex is just one of many such systems being created, and there are no guarantees that controls will always be in place. So, are there other technological measures to reduce the risks of fraud in a world where it is difficult to tell the difference between real and fake? Among the researchers interested in this is Professor Siwei Lyu, from the Department of Computer Science at the University at Albany, State University of New York. Lyu is director of the university’s Computer Vision and Machine Learning Lab. Both text-to-speech synthesis (which speaks any texts using a particular voice) and natural language processing (which generates human-like sentences for conversations) have, says Lyu, developed rapidly in recent years. “So it becomes harder and harder to tell a synthetic conversation from a real one, either by the sounds or the contents,” he says. There are, however, technological methods that can be employed to identify bots. These might highlight physiological cues, such as the
absence of breathing sounds, or signal abnormalities. “For instance, recorded human voices usually have varying phases, which correspond to the different time sound waves reach the recording device,” says Lyu. “The different reaching time is due to the fact that sounds starting from the speaker’s mouth reach the recording device via different paths, some direct, some indirect, by reflecting from the walls and other surfaces in the environment.” By contrast, because they are produced by an algorithm, synthetic speech may have very limited phase differences. While human ears cannot detect such phase differences, some signal processing analysis can show them. Another approach to identifying bots could be to train another machinelearning algorithm to spot differences in synthesised speech. “Presumably, these methods can be used as a plug-in in the phone,” says Lyu. So, even if rogue bots did not carry a signal that identifies them as bots, technology could help telephone users to determine who or what they are speaking to. Security questions aside, do we actually want to live in a world where we have conversations with bots, rather than humans? General chat with other – real – people may be more important to our general well-being than many of us realise. While some might have reservations about the development of bots able to converse, Hanheide suggests the fact that many of us like to carry out transactions online instead of by telephone suggests that we can happily do without many conversations that we might have. “If we do the same thing with a robot, a lot of people would like it. It’s not a replacement for human contact; it will complement that. We can focus on the best conversations with people,” he says. www.tahawultech.com
FEATURE
HIGH ALERT ADVANCED PERSISTENT THREATS (APT) ARE HIGHLY TARGETED AND SOPHISTICATED MULTI-STAGE ATTACKS IN WHICH AN INTRUDER GAINS ACCESS TO A NETWORK AND REMAINS UNDETECTED FOR AN EXTENDED PERIOD OF TIME. SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO SHED LIGHT ON THE DIFFERENT SOCIO FACTORS (NONTECHNICAL VULNERABILITIES) THAT CONTRIBUTE TO THE SUCCESS OF APT ATTACKS IN ORGANISATIONS.
F
ew types of cyber-attack create more of a fear factor than advanced persistent threats, given that they involve infiltrating a network and remaining undetected for long periods. The aim of these attacks is typically not to bring down the target organisation’s systems like in a ransomware attack. Instead, the attackers are keen, over an extended period that can easily run into months, to ensure that the victim organisation does not even know they are there.
www.tahawultech.com
The attackers steal data, something that may have serious consequences for the organisation that falls victim. There can be few more damaging things to a healthcare company, for example, than having patient records stolen by cybercriminals. Frequently zero-day or near zero-day malware, namely unrecognised malware that does not raise any red flags, is used. Often advanced persistent threats (APTs) have been carried out by state-sponsored actors, with China, Iran, Russia and the United States, among others, thought to be involved.
JANUARY 2020
29
FEATURE
Dr Mathew Nicho, Zayed University in Dubai
“THE MOST IMPORTANT THING IS TO EDUCATE THE MANAGEMENT FIRST, THEN THE USER. IF THEY DON’T KNOW IT, HOW CAN THEY EDUCATE THE STAFF?” But the motivations of the attackers may be economic as well as political, and companies in an array of sectors are targeted. It is of particular concern to firms in the Middle East that the dwell time – the period during which the attackers infiltrate a system without detection – in Europe, the Middle East and Africa (EMEA) is a long one. According to the M-Trends 2019 report from the cybersecurity company FireEye, the median dwell time in EMEA was 177 days in 2018. The Asia-Pacific (APAC) figure was slightly higher, at 204 days, but in the Americas, the median dwell time last year was much lower, at 75.5 days. Fortunately, dwell times are now much lower than they used to be – the worldwide median figure in 2011 was 416 days – but it remains almost six months in EMEA, which is much higher than today’s global average. This makes newly published research on the factors that can cause APTs in the UAE all the more relevant. Dr Mathew Nicho, an assistant professor at the College of Technological Innovation at Zayed University in Dubai, has co-authored a study, entitled, “Dimensions of ‘Socio’ Vulnerabilities in Advanced Persistent Threats,” that was submitted to a conference this year. Nicho has been looking for answers to the question of what causes APTs since 2012, when he began a project on socio
30
JANUARY 2020
factors after learning that some of his students had received spear phishing emails. “I had students coming to me, telling me: ‘I got this email. It seems it’s a phishing email. My system is compromised. It looks like some malware is inside,’” said Nicho. “I started getting this every two weeks, even every week. I thought that there’s something wrong in the way people use computers. “I found that the UAE is one of the most attacked countries in the world. Almost every week you get these things saying, ‘Somebody lost 100,000, somebody lost 200,000, somebody has been hacked.’ I thought that this is something that should be studied.” Between 2014 and 2017 Nicho conducted interviews with individuals responsible for cybersecurity at nine large organisations in the UAE. These organisations covered sectors including finance, aviation, government, oil and IT. As outlined by Nicho and his coauthor, Dr Christopher McDermott, a lecturer in the School of Computing and Digital Media at Robert Gordon University in Aberdeen in the United Kingdom, APTs are caused by both socio factors, which means human-related vulnerabilities, as well as technical factors, such as poor cyber defences or weaknesses in the system. This categorisation into two broad groups is well-known. But what Nicho
and McDermott have looked into in more depth is what these socio factors consist of. In drilling down further into the reasons behind socio factors, they are helping create a better understanding of why, for example, spear phishing emails prove successful in leading to breaches. Phishing emails are a frequent starting point for APTs, with a recent report from Positive Technologies, a cybersecurity company, saying that they were behind 81 percent of breaches suffered by commercial organisations. A key finding of Nicho and McDermott’s is that, when trying to understand socio factors, it is not sufficient to say that the user is at fault. “The media, whether it’s broadcast media or print media or online, always blame the user. We found out there are two other factors,” says Nicho. As described in the paper, the cybersecurity experts who were interviewed identified vulnerabilities that could be grouped into categories. These
www.tahawultech.com
Dr Christopher McDermott, Robert Gordon University in Aberdeen
“SOMETIMES IT TAKES A COMPROMISE TO GET PEOPLE TO DO SOMETHING.” different types demonstrated that socio factors extend well beyond just user behaviour or employee vulnerabilities. As well as employee vulnerabilities, two other types of socio vulnerability were highlighted: environmental factors and organisational management factors. By detailed analysis of the responses during the interviews, the researchers determined that management vulnerabilities create 55 percent of the risk, while employees are responsible for 31 percent of the risk and environmental factors make up the remaining 14 percent. “It’s the management and environmental factors that make the user fall into the trap,” says Nicho.
www.tahawultech.com
“The management is responsible for educating users to utlise the system properly. The relevance of IT security has to be drilled into thes management’s head. The most important thing is to educate the management first, then the user. If they don’t know it, how can they educate the staff?” It might be that the organisation focuses too much on revenue and satisfying customers, and not enough on security. And, in what is known as ‘segmented security’, security may be seen as a separate discipline, rather than an all-encompassing issue. “In America, people are probably more aware; they receive more training. In the organisations in the Middle East, there
may be an insufficient amount of training for employees at the management level, so people could be more vulnerable to even the simplest attacks,” says McDermott. “You have very competent and highly trained managers, but security is almost like an afterthought.” Simple measures to take include ensuring that users have only the privileges that they need. Another recommendation is to carry out an annual audit of the IT infrastructure to highlight vulnerabilities. Other actions that companies in this part of the world are advised to consider include putting in place training programmes for employees, ensuring that firewalls are up to date and sandboxing events if they happen. “[These are] things they should be doing from the start. Sometimes it takes a compromise to get people to do something,” says McDermott. “I would hope the security general awareness would increase. For many [companies targeted] there will be financial implications.” Nicho is looking to develop training methods to educate users on how to protect themselves from APTs, and has received a grant of Dh150,000 to aid this initiative. He hopes that government departments could trial the methods before they are released to the private sector. Both researchers are interested in continuing their study on the factors behind APTs in the Middle East. One area that McDermott says would be particularly useful would be making comparisons with other regions of the world in terms of the causes of APTs. So, the hope is that in future, more companies will be able to help their staff to keep the attackers at bay and prevent the risk of APTs.
JANUARY 2020
31
FEATURE
THE END OF THE LINE
WINDOWS 7 HAS BEEN ONE OF THE MOST SUCCESSFUL OPERATING SYSTEMS DEVELOPED BY MICROSOFT. HOWEVER, DESPITE THE OPERATING SYSTEM GOING ‘END OF LIFE’ THIS MONTH, MANY ORGANISATIONS STILL HAVEN’T UPDATED THEIR PCs MAKING THEIR SYSTEMS VULNERABLE TO SECURITY BREACHES.
I
t is now just over 10 years since the launch of Windows 7, and Microsoft is now, in a sense, officially consigning the operating system to the archives. This decade anniversary is important because it was the reason why mid-January 2020 was chosen as the time when extended support for Windows 7 would end, so updates and patches are no longer routinely available. Some further support will continue to be on offer for those willing to pay, but this will not last indefinitely, so the final end is in sight. Microsoft previously said that it “strongly recommends that you move to Windows 10 some time before January 2020.” But not everyone has done that, which raises the question of what the
32
JANUARY 2020
many companies whose desktops rely on Windows 7 should do to protect themselves when security patches and updates are no longer provided. “There is potential for zero-day vulnerabilities – never-before-seen in the world,” says Karl Lankford, director, solutions engineering, BeyondTrust. Normally, of course, the manufacturer produces fixes for such emerging vulnerabilities, but once a product goes end of life, that is no longer the case. “The risk is the unknown unknowns. We don’t know what’s coming next. We don’t know how that will manifest itself,” says Lankford. “We’ll see more of these vulnerabilities appear; we certainly did at the end of Windows XP support.” Experts have noted that Windows 7 is already starting to look vulnerable from a security perspective, even before the end of life. Notably, it was the operating
system most heavily affected by the WannaCry ransomware attacks of May 2017. Windows 7 is still being used by many tens of millions of machines around the world so, as Lankford puts it, there will be “a pretty big attack surface” once it goes end of life. While the figure will have since dwindled, Windows 7 still had a market share among desktop computers of just over 30 percent in September 2019, according to Net Applications. Many firms, it seems, have been slow to migrate to Windows 10. “I’m assuming there are still quite a number of industries, especially
www.tahawultech.com
smaller businesses, that are avoiding the upgrade. They find themselves in January behind the ball,” says J. Peter Bruzzese, a strategic consultant and evangelist for Mimecast who has been named a Most Valuable Professional (Office Apps and Service) by Microsoft eight times. It is easy to understand why companies might be reluctant to cause themselves disruption by moving to a new system. “Sometimes when you find something that works, it’s working for your people, if you’re not in an industry that requires constant change – why change and upgrade and pay for something that’s
www.tahawultech.com
Karl Lankford, BeyondTrust
“THE RISK IS THE UNKNOWN UNKNOWNS. WE DON’T KNOW WHAT’S COMING NEXT. WE DON’T KNOW HOW THAT WILL MANIFEST ITSELF.” going to be no difference for your end users? That holds some back; there’s no real need,” says Bruzzese, explaining the thinking that companies might have. Encouraging companies to migrate to Windows 10 might be a particular challenge because, as Bruzzese puts
it, Windows 7 is “very well liked”, which is, of course, not the case with every iteration of Windows. But it may be more than what could be seen as inertia that prevents firms from upgrading. Migration may entail significant upheaval and even be very
JANUARY 2020
33
FEATURE
difficult to achieve, given a company’s current IT set up. “It’s not that [companies] want to be slow in reacting, but these systems are used in such a wide-reaching manner it can be very difficult to move without a lot of disruption,” says Lankford. As Matt Walmsley, Europe, Middle East and Africa director for the cybersecurity company Vectra, highlights, many point-of-sale or Internet of Things (IoT) use Windows 7. With supermarket checkout pointof-sale devices, for example, Walmsley says it is “not the work of a moment” to swap these and upgrade to a supported version of Windows. IoT and other devices often require significant initial capital expenditure, much more so than a standard PC used in an office, so replacing them is not done unless necessary. Other devices that are difficult to migrate over to new versions of Windows include the likes of MRI scanners. In some instances, as was highlighted when Windows XP went end of life, the software in devices may not be compatible with later versions of windows, which is another barrier to migration. “There’s always a transition time when they have to make do with what they’ve got. Even now there’s still embedded Windows XP out there,” says Walmsley. He says the biggest risks linked to end of life often apply to smaller organisations that may operate fairly small numbers of machines and that may lack security skills. On the other hand, he also notes that such smaller companies may face smaller barriers to migration, since they are less likely to be operating the type of complex bespoke applications
34
JANUARY 2020
Matt Walmsley, Vectra
“THE BIGGEST RISKS LINKED TO END OF LIFE OFTEN APPLY TO SMALLER ORGANISATIONS THAT MAY OPERATE FAIRLY SMALL NUMBERS OF MACHINES AND THAT MAY LACK SECURITY SKILLS.” that complicate moving to a new operating system. “It could be [that they have to] just part ways with the PC and go through the upgrade cycle,” he says. For other companies, it may be a case of redesigning applications or moving to new platforms in order to facilitate migration. Such software complications are particularly relevant to companies in the oil and gas sector. Jonathan Couch, senior vice president for strategy at ThreatQuotient, says that industrial software systems in the oil and gas sector often run on older operating systems. “They cannot change from these operating systems until the software vendor updates the software,” says Couch. Indeed, Couch says risks linked to operational technology firms would be his biggest security concerns linked to end of life. “They’re historically known for not updating their software as often as they should,” he says. Walmsley says that there is “no silver bullet”, no “one-size-fits-all” solution to dealing with cybersecurity risks around end of life. In instances where migration cannot happen, at least for the moment, and where replacement is not the ideal move, he advises putting “mitigating
controls and protection” around devices to reduce the likelihood of a breach. “Particularly for IoT devices, monitoring of the network is probably the only thing you can do to secure these devices, particularly when it comes to end of life,” he adds. Walmsley says that Vectra, which has operated in the Middle East for more than two years and has teams based in Dubai, is able to alert companies if, for example, their pointof-sale devices have been breached. Major corporate customers have used an AI threat-hunting platform from Vectra, called Cognito, to protect their point-of-sale and other devices, among them Coop Group, a major Swiss retailer and wholesaler. When an operating system goes end of life, there are, of course, concerns that extend beyond security. Indeed these can be more pertinent to some businesses than security worries. “It’s to do with the business being able to operate,” says Couch from ThreatQuotient. “If you have Windows 7 and you want a new application for your HR system or whatever, if that application doesn’t work with Windows 7, that affects my business and my employees and my ability to get the job done.” So, migration is not just about security – it can affect the bottom line too.
www.tahawultech.com
REDEFINING technology transformation
+971 4 440 9100
@TahawulTech
info@cpimediagroup.com
www.tahawultech.com
facebook.com/tahawultech
twitter.com/tahawultech
linkedin.com/in/tahawultech
INSIGHT
LOOKING AHEAD RAJ SAMANI, CHIEF SCIENTIST AND MCAFEE FELLOW, SHARES THE FINDINGS OF THE MCAFEE LABS’ 2020 THREATS PREDICTIONS REPORT.
W
ith 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead. Cybercriminals are increasing the complexity and volume of their attacks and campaigns, always looking for ways to stay one step ahead of cybersecurity practices – and more often using the world’s evolving technology against us. The threatscape of 2020 and beyond promises to be interesting for the cybersecurity community.
36
JANUARY 2020
Broader Deepfakes Capabilities for Less-skilled Threat Actors Deepfake video or text can be weaponised to enhance information warfare. Freely available video of public comments can be used to train a machine-learning model that can develop of deepfake video depicting one person’s words coming out of another’s mouth. Attackers can now create automated, targeted content to increase the probability that an individual or groups fall for a campaign. In this way, AI and machine learning can be combined to create massive chaos.
www.tahawultech.com
“WE PREDICT THE ABILITY OF AN UNTRAINED CLASS TO CREATE DEEPFAKES WILL ENHANCE AN INCREASE IN QUANTITY OF MISINFORMATION.”
massive recall. Such a video can be distributed to manipulate a stock price or enable other financial crimes We predict the ability of an untrained class to create deepfakes will enhance an increase in quantity of misinformation.
In general, adversaries are going to use the best technology to accomplish their goals, so if we think about nation-state actors attempting to manipulate an election, using deepfake video to manipulate an audience makes a lot of sense. Adversaries will try to create wedges and divides in society. Or if a cybercriminal can have a CEO make what appears to be a compelling statement that a company missed earnings or that there’s a fatal flaw in a product that’s going to require a
www.tahawultech.com
Adversaries to Generate Deepfakes to Bypass Facial Recognition One of the most prevalent enhancements to facial recognition is the advancement of artificial intelligence (AI). A recent manifestation of this is deepfakes, an AI-driven technique producing extremely realistic text, images, and videos that are difficult for humans to discern real from fake. Primarily used for the spread of misinformation, the technology leverages capabilities. Generative Adversarial Networks (GANs), a recent analytic technology, that on the downside, can create fake but incredibly realistic images, text, and videos. Enhanced computers can rapidly process numerous biometrics of a face, and mathematically build or classify human features, among many other applications. While the technical benefits are impressive, underlying flaws inherent in all types of models
represent a rapidly growing threat, which cyber criminals will look to exploit. As technologies are adopted over the coming years, a very viable threat vector will emerge, and we predict adversaries will begin to generate deepfakes to bypass facial recognition. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and invest in educating themselves of the risks as well as hardening critical systems. Ransomware Attacks to Morph into Two-Stage Extortion Campaigns In McAfee’s 2019 threat predictions report, we predicted cyber criminals would partner more closely to boost threats; over the course of the year, we observed exactly that. Ransomware groups used pre-infected machines from other malware campaigns, or used remote desktop protocol (RDP) as an initial launch point for their campaign. These types of attacks required collaboration between groups. Based on what McAfee Advanced Threat Research (ATR) is seeing in the underground, we expect criminals to exploit their extortion victims even more moving forward. The rise of targeted ransomware created a growing demand for compromised corporate networks. This demand is met by criminals who specialise in penetrating corporate networks and sell complete network access in one-go. For 2020, we predict the targeted penetration of corporate networks will continue to grow and ultimately give
JANUARY 2020
37
INSIGHT
way to two-stage extortion attacks. In the first stage cybercriminals will deliver a crippling ransomware attack, extorting victims to get their files back. In the second stage criminals will target the recovering ransomware victims again with an extortion attack, but this time they will threaten to disclose the sensitive data stolen before the ransomware attack. DevSecOps Will Rise to Prominence as Growth in Containerised Workloads Causes Security Controls to ‘Shift Left’ Containerised applications are built by assembling reusable components on software defined Infrastructure-asCode (IaC) which is deployed into Cloud environments. Continuous Integration / Continuous Deployment (CI/CD) tools automate the build and deploy process of these applications and IaC, creating a challenge for pre-emptive and continuous detection of application vulnerabilities and IaC configuration errors. To adjust to the rise in containerised applications operating in a CI/CD model, security teams will need to conduct their risk assessment at the time of code build, before deployment. This effectively shifts security “left” in the deployment lifecycle and integrates security into the DevOps process, a model frequently referred to as DevSecOps. Additionally, threats to containerised applications are introduced nor only by IaC misconfigurations or application vulnerabilities, but also abused network privileges which allow lateral movement in an attack. To address these run-time threats, organisations are increasingly turning to cloud-native security tools developed specifically for container environments. Cloud Access Security Brokers (CASB) are used to
38
JANUARY 2020
conduct configuration and vulnerability scanning, while Cloud Workload Protection Platforms (CWPP) work as traffic enforcers for network microsegmentation based on the identity of the application, regardless of its IP. This approach to application identity-based enforcement will push organisations away from the five-tuple approach to network security which is increasingly irrelevant in the context of ephemeral container deployments. When CASB and CWPP solutions integrate with CI/CD tools, security teams can meet the speed of DevOps, shifting security “left” and creating a DevSecOps practice within their organisation. Governance, compliance, and overall security of cloud environments will improve as organisations accelerate their transition to DevSecOps with these cloud-native security tools.
using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams. Vulnerabilities will continue to include broken authorisation and authentication functions, excessive data exposure, and a failure to focus on rate limiting and resource limiting attacks. Insecure consumption-based APIs without strict rate limits are among the most vulnerable. Headlines reporting APIbased breaches will continue into 2020, affecting high-profile apps in social media, peer-to-peer, messaging, financial processes, and others, adding to the hundreds of millions of transactions and user profiles that have been scraped in the past two years. The increasing need and hurried pace of organisations adopting APIs for their applications in 2020 will expose API security as the weakest link leading to cloud-native threats, putting user privacy and data at risk until security strategies mature. Organisations seeking improvement in their API security strategy should pursue a more complete understanding of their Cloud Service APIs through comprehensive discovery across SaaS, PaaS and IaaS environments, implement policy-based authorisation, and explore User and Entity Behavior Analytics (UEBA) technology to detect anomalous access patterns.
“THE RISE OF TARGETED RANSOMWARE CREATED A GROWING DEMAND FOR COMPROMISED CORPORATE NETWORKS.”
Application Programming Interfaces (API) Will Be Exposed as The Weakest Link Leading to Cloud-Native Threats A recent study showed that more than three in four organisations treat API security differently than web app security, indicating API security readiness lags behind other aspects of application security. The study also showed that more than two-thirds of organisations expose APIs to the public to enable partners and external developers to tap into their software platforms and app ecosystems. Threat actors are following the growing number of organisations
www.tahawultech.com
WE’RE NOT JUST FIREWALLS. SonicWall automated, real-time breach detection and prevention layers proven cybersecurity across your entire organization. You know SonicWall because of our rich history designing high-performance firewalls. But like your organization, SonicWall has evolved. Today, the modern SonicWall Capture Cloud Platform delivers automated, real-time breach detection and prevention to safeguard your business or organization. With this layered approach, you can stop the most malicious cyberattacks, including ransomware and encrypted threats, from compromising your network and damaging your brand.
Physical & Virtual Firewalls
Multi-Engine Cloud Sandbox
Public & Private Cloud Security
Endpoint Protection
Secure Email
Cloud Application Security
SD-WAN
Web Application Firewall
Secure Remote & Wireless Access
Unified Management & Reporting
Social icon
www.SonicWall.com
Rounded square Only use blue and/or white. For more details check out our Brand Guidelines.
@SonicWall
SonicWall
SonicWall_Inc