The Integrator by INTEGRATOR MEDIA

EDITORIAL

CELEBRATING THE 100th ISSUE; SUCCESS OFTEN COMES TO THOSE WHO DARE TO ACT It is rightly said, “Success often comes to those who dare to act.” The Integrator along with its copublications reiterate it over and again showing constant hard work and abilities to challenge. With immense pride and confidence, The Integrator releases its 100th edition to its enterprise audience and joins the clan of leading tech publications in the world. Collating other achievements, today, we attribute our strength to the success of 230+ editions of VAR, which continues to be the favorite publication of the ICT channel, 150+ events in 14 countries, and b2b lead generation programs in 24 countries.

COVER STORY

The cover story helps readers understand the trend of cyberattacks, the impact of breaches, and required strategies against cyberattacks.

The enclosed February issue focuses on cybersecurity; it elaborates the breadth and depth of technologies that are in use to defend network and software systems against cyberthreats, detect vulnerabilities, and more.

NEWS IN DETAIL

While the cover story thoroughly “examines the fundamentals of recent cyber intrusions, the interviews and columns of cybersecurity professionals analyze several defense apparatuses for networks and cloud, the need for end-user education, and other crucial aspects. The editions collaborate with experts from Fortinet, Palo Alto, Kaspersky, F5, Acronis, and Gartner to voice their opinions on the subject. The excitement of starting “SME Champions,” an initiative that brings enterprises, tech giants, BFSIs, and logistic companies together on a common platform, fuels further energy to present the current edition and forthcoming ones. We request partners and sponsors to take full advantage of year-round promotions and networking opportunities.

Murali Margassery Assistant Editor

FEBRUARY 2022

Equinix Opens a Coinnovation Facility for Its Partners

EXCLUSIVE INTERVIEWS

High-Performing Cybersecurity Mesh Platform to Protect Enterprise Assets The Integrator engages Alain Penel, Regional Vice President – ME at Fortinet to discuss the company’s capacities to help enterprises against cyberattacks.

Thanks for supporting us. Read and comment!

Active Resistance Against Cyberattacks

www.VARonline.com

Vivek Sharma Murali Margassery Faiz Ahmed Suneeta Dadwani Sreejit Nair

CEO Assistant Editor Graphic Designer Business Coordinator & Executive Assistant Sales Manager

Content 16

Kaspersky’s Comprehensive Solutions Offer Full Spectrum of Protection Against Cyberattacks.

INTERVIEW

Mobility Services Come Smarter and Easier; SelfDrive Shows the Way

FEATURE

Palo Alto Strikes Competition with Its Innovative and Robust Security Solutions

COLUMN

28 34

Defending Applications From Complex and Modern Attacks Data: A Critical Cyber Security Tool

How Multi-Cloud Application Delivery is Impacting Ecommerce Providers

NEWS BYTES

Govt of Ajman and Visa Sign MOU to Implement Contactless Payments

Proven Robotics Opens First Robotics Technical Service Center in KSA

EYE TECH

Virsec Wishes to End Attacks on Server Infrastructure With DPP

Published by: JNS Media International (OMA Group Company) Sales Inquiries:

sales@var-mea.com

All other Inquiries: info@var-mea.com Editorial:

editor@var-mea.com

OMA House, P.O. Box: 3314, Sharjah, United Arab Emirates. Tel: +971 6 573 0000 | website: www.VARonline.com Disclaimer: While the publishers have made every attempt possible to get accurate information on published content in this Magazine they cannot be held liable for any errors herein.

www.VARonline.com

FEBRUARY 2022

TECHNOLOGY

NEWS BYTES

MECOMED TO BOLSTER REGION’S HEALTHCARE DELIVERY THROUGH COLLABORATIVE EFFORTS

ecomed, the Medical Technology Association in the Middle East and Africa, hosted the Networking Breakfast at Arab Health 2022, one of the region’s leading medical technology events that took place last month at the Dubai World Trade Centre. The event was attended by over 60 MedTech executives and government officials, wherein Rami Rajab, Chairman of Mecomed, highlighted the association’s achievements and shared strategic objectives in the post-pandemic era with the audience. He stated, “To improve the region's healthcare experience, the industry must collaborate with the regulators on implementing the newest and safest medical technology. The challenges presented by the pandemic have inspired us to further improve patients' health through innovations

that will empower them to take better control of their wellbeing. Mecomed is committed to helping the MedTech industry flourish through efforts that impact policies, incorporate best world practices, and underline the true value of today's medical technology.” After the Chairman’s address, he moderated a panel discussion, where the panelists discussed how the MedTech industry leads the

transformation of healthcare in the Middle East and Africa, as part of its ongoing efforts to maintain stability and growth in the region's healthcare systems while putting patients first. Mecomed underlined the importance of partnerships between the MedTech industry and policymakers focused on enhancing the healthcare experience in the MEA region, enabled by the recent challenges of the pandemic.

AXIS UNPACKED THE TRANSFORMATIVE IMPACT OF 5G ON VIDEO SURVEILLANCE AT EXPO

xis Communications has conducted its fifth highimpact technology conference at Dubai’s Expo 2020. The conference, titled “Share in the discovery of 5G,” took place on February 22, 2022 and brought together a panel of experts to discuss the unique challenges and opportunities of 5G adoption for enterprises.

FEBRUARY 2022

The conference was opened by Ettiene van der Watt, Regional Director – MEA at Axis. Discussions on topics ranging from smart buildings, smart cities, urban mobility, manufacturing, and the impact of 5G on personal and professional lives formulated the flow of the event. They also included a focus on 5G-enabled smart buildings with enhanced safety and security presented by Marie Helene Mansard, Director of Business Development - Axis Communications APA, and 5G’s unique factors beyond unprecedented bandwidth speeds, presented by Vishnu Bhan, Senior Director at Singtel. “By 2025, 5G networks are likely to cover one-third of the world's population. While 3G and 4G LTE have primarily served the private subscriber, 5G will enable enterprises and governments to connect IoT devices at greater scale and improve decision-making with realtime data aggregation and analysis,” explained van der Watt. Axis is hosting six transformative technology conferences at Expo 2020 from 1 October 2021 to 31 March 2022.

www.VARonline.com

TECHNOLOGY

NEWS BYTES

THYCOTICCENTRIFY IS NOW DELINEA; BRAND LAUNCHED AT LEAP 2022 IN SAUDI

elinea was formed in April 2021 through the merger of established PAM leaders Thycotic and Centrify. The combined company provides comprehensive, cloud-ready solutions for small businesses and global enterprises. “At Delinea, we believe the opposite of complex isn’t simple – it’s seamless. Our mission is to provide security that’s invisible to the user, while simultaneously providing IT and security teams with the control they require,” said Art Gilliland, CEO at Delinea. “With Delinea, the boundaries of access are easily defined to help customers reduce risk, ensure compliance, and streamline security. We are providing privileged access without the excess.” Delinea’s solutions grant access

to an organization’s most critical data, devices, code, and cloud infrastructure using a centralized dashboard. Users get access when and where they need it, for as long as needed to complete the task. Delinea empowers agility, productivity, and security.

“One year ago, in partnership with the Thycotic and Centrify teams, we set out to build a dynamic identity security platform that delivers one of the most comprehensive product suites in the market,” said Tim Millikin, Partner at TPG Capital.

LYCÉE LOUIS MASSIGNON OPTS FORTINET TO STRENGTHEN ITS WEB SECURITY

ycée Louis Massignon (LLM), a plurilingual school certified by the French Ministry of National Education in Abu Dhabi, UAE, chooses Fortinet Security Fabric to improve its security infrastructure and keep its students and staff safe online. LLM educates more than 1700 pupils from pre-Kindergarten to high school. To better meet compliance requirements, mitigate chances of data leaks, keep students safe on the web, and preserve LLM’s reputation and credibility, the school decided to improve its security infrastructure to keep up with the increase in the volume of threats and the sophisticated cyber threat landscape. “Education institutions are amongst the most targeted sectors by cybercriminals, owning to several

Christope Hammami IT Manager, Lycée Louis Massignon key factors caused by things like cost constraints, overburdened IT team, and legacy systems,” said Alain Penel, Regional Vice President – Middle East, Fortinet. Fortinet Security Fabric approach www.VARonline.com

claims to have combined protection across the entire attack surface and cycle with unified management and orchestration, market-leading AI-powered security services, granular control, and centralized compliance capabilities. FortiGate next-generation firewalls (NGFWs) supporting secure sockets layer (SSL) inspection (including TLS1.3), with natively integrated FortiGuard cloud-delivered web filtering, and advanced intrusion prevention (IPS)were deployed in the LLM infrastructure, reducing complexity by consolidating multiple point products into one Security Fabric. “Our former solution was unstable and incapable of blocking inappropriate websites,” says Christope Hammami, IT Manager at Lycée Louis Massignon. FEBRUARY 2022

TECHNOLOGY

NEWS BYTES

LEAP 2022: HUAWEI SHOWCASED FRONT-LINE DIGITAL TRANSFORMATION TECHNOLOGIES

uring the LEAP conference held in Riyadh, Saudi Arabia, Huawei showcased a new generation of technologies and applications, which offer to assist digital transformation agendas of the Middle East nations. LEAP was held against the backdrop of rapid digital transformation in Saudi society, in line with Vision 2030 goals. The country aims to become one of the world's top 20 tech economies using digital to create a more diverse economy. Steven Yi, president of Huawei Middle East, said, "as the host of LEAP, Saudi Arabia’s digitization roadmap exemplifies the transformative role of technology across all sectors of the society. The Kingdom has put digitization on the fast track and is now amongst the global pioneers in deploying new generations of ICT solutions. LEAP has served as an important international forum to build consensus and deepen

collaboration in areas that will create new economic and social value for all.” Under the theme of “Dive into Digital”, Huawei’s exhibition at LEAP demonstrated the end-to-end capabilities, with representation from its enterprise, carrier, and consumer business groups, as well as its cloud and digital power

business units. The Huawei Digital Power business focused on the intersection between digital and power electronics technologies to help create zero-carbon ICT infrastructure in the Middle East and to support zero-carbon electricity generation in line with recent national sustainability commitments.

ICEWARP INAUGURATES NEW OFFICE IN DUBAI

ceWarp, a developer in unified collaboration tools and messaging solutions for enterprises, establishes its presence in the middle east with the opening of its first office located in the prime area of Business Bay in Dubai. IceWarp provides businesses with affordable, seamlessly integrated, and easy-to-use communications solution,

FEBRUARY 2022

that covers all aspects of business collaboration and productivity. Pramod Sharda, CEO - IceWarp India and the Middle East, said during the inauguration, “It is a tremendously thrilling moment for us at IceWarp as we take another step towards realizing our goals of expanding the company’s footprint in the MENA region. Our local, as well as global teams, are bullish on the expected growth from Icewarp's ME operations as we strengthen our presence in the area and look forward to capitalizing on the opportunities created in recent times for enterprise-email collaboration solutions and workfrom-anywhere setups.” IceWarp’s collaborative solution caters to companies of all sizes, that offer a supremely simplified ecosystem of email solutions that transforms how corporate teams share information and optimize business processes through its streamlined and seamless team collaboration tools.

www.VARonline.com

MEDTECH

NEWS BYTES

BD TO REINFORCE THE REGION’S HEALTHCARE STANCE WITH CUTTING-EDGE SOLUTIONS

he Dubai branch of BD (Becton, Dickinson, and Company), a medical technology company, is set to present its latest innovations and solutions focused on patient safety to support clinicians’ efforts to move from piecemeal interventions to a total systems approach for safety "The pandemic put the healthcare sector to the test in terms of stability and preparedness, demonstrating the need for healthcare providers to adopt advanced technology to meet the growing needs of patients," said Maher Elhassan, Vice President and General Manager, BD Middle East, North Africa, and Turkey. At Arab Health 2022, the company will demonstrate the full potential of its innovations through the collaboration of its Medical segment with Medication Management Systems and Medication Delivery Systems, and the BD Interventional segment. BD will display a series of solutions that will focus on the prevention of potential medication errors and HealthcareAssociated Infections (HAIs) alongside innovations that will empower medical professionals to perform timely, accurate, and appropriate diagnostics practices to support effective decision making in

providing the safest and most effective care possible in the region. Additionally, at Medlab 2022, the company’s Lifesciences segment will showcase integrated diagnostic solutions and services, including safe and integrated specimen collection, specimen diagnosis, and data management for better patient comfort. The company will also present solutions that incorporate artificial intelligence to drive laboratory efficiency with customized microbiology automation platforms and dedicated value-added services.

ZIMMER BIOMET OPENS ITS COMMERCIAL OFFICE IN DUBAI

immer Biomet Holdings, a medical technology provider, has opened a new commercial office in Dubai, United Arab Emirates. The decision follows years of growing sales of Zimmer Biomet’s advanced

technologies, surgical robotics, and implants to hospitals and clinics in the Middle East, North Africa, and Turkey. “This region has one of the most highly enabled digital populations. We are partnering with hospitals, clinics, www.VARonline.com

and health authorities to help them to benefit from Zimmer Biomet’s technology and data to improve efficiency and patient outcomes,” said Erik Antos, Vice President of Emerging Markets, Zimmer Biomet. The Dubai office will be led by Farah Hamdan, who joined Zimmer Biomet in January 2022 as General Manager for MENAT. “We are increasing our reach and investment across the region. This means we can partner with even more customers to meet the increasing expectations of patients for personal and connected digital experiences and deliver data-driven insights so they can also improve their efficiency,” Hamdan said. FEBRUARY 2022

NEWS IN DETAIL

SAFE SECURITY

SAFE SECURITY AND INFOSYS ANNOUNCE STRATEGIC COLLABORATION TO BRING RISK QUANTIFICATION SOLUTIONS Engagement to deliver an unmatched assessment of enterprise vulnerabilities to quantify cyberattacks and determine the financial impact

afe Security, a pioneer of cyber risk quantification solutions, has announced a strategic collaboration with Infosys, a global leader in digital services and consulting. Safe Security’s SaaS platform SAFE, combined with Infosys’s capabilities in quantitative cyber risk management hoping to enable organizations to get an enterprise-wide view of overall cyber risks, predict breaches using SAFE’s proprietary algorithm, and know the potential financial impact of each cyberattack before it occurs. An official release stated that SAFE provides organizations with real-time visibility into their biggest cyber risks across people, processes, technologies, cybersecurity products, and third-party. This is done by aggregating signals via APIs into a single dashboard, with actionable insights and potential financial impacts. The insights gained from SAFE also provide a common language for discussing cybersecurity risks with board members, auditors, and other internal and external stakeholders. By combining these insights with Infosys’ ongoing strategic guidance, joint customers will benefit from a more proactive cybersecurity approach. “Combined with Safe Security’s unique capabilities of measuring, mitigating, and managing cyber risks and Infosys’s expertise in delivering seamless customer

FEBRUARY 2022

Saket Modi Co-Founder & CEO, Safe Security

service through automation, innovation, and efficiency, we are bringing a powerful, and 360-degree cyber risk management solution to the market. This global strategic collaboration will help accelerate the adoption of predictive risk quantification solutions, and extend our leadership in this market,” said Saket Modi, Co-founder & CEO, Safe Security.

STRENGTHENING CYBERSECURITY INVESTMENT DECISIONS The Safe Security and Infosys collaboration claims to give security and risk management leaders new insights into the overall performance of their cybersecurity investments, to help prioritize those that maximize security and ROI. “We specialize in providing the business, technology, and infrastructure consulting expertise that our customers depend on to further their digital initiatives and growth,” said Vishal Salvi, Chief Information Security Officer & Head of Cyber Security Practice, Infosys. “Safe Security is an ideal partner to bring even greater insights to our customers to manage their cyber risks. Customers will now be able to identify the most critical gaps, prioritize them, and plan accurate remediation.”

www.VARonline.com

NEWS IN DETAIL

EQUINIX

EQUINIX OPENS A CO-INNOVATION FACILITY FOR ITS PARTNERS Sustainable innovations, including liquid cooling, high-density cooling, intelligent power management, and on-site prime power generation, will be incubated in the CIF in partnership with leading data center technology innovators.

quinix, a digital infrastructure company, opens its first co-innovation facility (CIF) at the Equinix Ashburn campus in the Washington, D.C. area. The company expects that CIF enables partners to work with Equinix on trialing and developing innovations. An official release from Equinix stated that sustainable innovations, including liquid cooling, high-density cooling, intelligent power management, and on-site prime power generation, will be incubated in the CIF in partnership with leading data center technology innovators including Bloom Energy, Zutacore, Virtual Power Systems (VPS) and Natron. Raouf Abdel, EVP, Global Operations at Equinix, commented, “the data center of the future must be sustainable. Equinix is committed to sustainability globally as evidenced by its target to be climate neutral across our business by 2030. We are well on our way with over 90% renewable energy coverage worldwide. And thanks to the work we’re doing with partners at the CIF, we’re continuing to make significant advancements in the way we design, build and operate our global platform, with high energy

efficiency standards.” Equinix offers the following to its partners from the facility: Generator-less and UPS-less Data Centers (Bloom Energy): Utilizing on-site solid oxide fuel cells enables the data center to generate redundant cleaner energy on-grid and potentially eliminates the need for fossil fuel-powered generators and power-consuming Uninterrupted Power Supply (UPS) systems. High-Density Liquid Cooling (ZutaCore): Highly efficient, direct-on-chip, waterless, two-phase liquidcooled rack systems, capable of cooling upwards of 100 kW per rack in a light, compact design. Eliminates the risk of IT meltdown, minimizes use of scarce resources including energy, land, construction, and water, and dramatically shrinks the data center footprint. Software-Defined Power (VPS) with cabinetmounted Battery Energy Storage (Natron Energy): Cabinet power management and battery energy storage system manages power draw and minimizes power stranding to near zero percent, leading to a potential 30-50% improvement of power efficiency.

www.VARonline.com

FEBRUARY 2022

INTERVIEW

FORTINET

HIGH-PERFORMING CYBERSECURITY MESH PLATFORM TO PROTECT ALL ENTERPRISE ASSETS

ortinet develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint security components. The Integrator engages Alain Penel, Regional Vice President – Middle East at Fortinet to discuss the company’s capacities to help enterprises against cyberattacks.

Speak about Fortinet’s capacities to offer comprehensive protection for enterprises in times of rising cyber attacks To fight today's evolving threats, organizations should look into a security platform based on a cybersecurity mesh architecture with security solutions that are designed to work together. A cybersecurity mesh architecture integrates security controls into, and across, widely distributed networks and assets. Defenders will need to plan now by leveraging the power of AI and machine learning (ML) to speed threat prevention, detection, and response. Advanced endpoint technologies like endpoint detection and response (EDR) can help to identify malicious threats based on behavior. Also, zero-trust network access (ZTNA) will be critical for secure application access to extend protections to mobile workers and learners, while Secure SD-WAN is important to protect evolving WAN edges. Together with the Fortinet Security Fabric, organizations can benefit from an integrated security platform that secures all assets on-premises, in the data center, and in the cloud or at the edge. What advice do you give to enterprises to secure their network and reduce vulnerabilities? Today’s threat environment is constantly changing, and from distributed denial-of-service (DDoS) attacks to ransomware, the frequency, volume, and sophistication of cyberattacks show no signs of slowing down. Every

FEBRUARY 2022

Alain Penel Regional Vice President – ME, Fortinet

organization, from small businesses to the largest enterprises and service providers, in every industry, requires network security to protect critical assets and infrastructure from a rapidly expanding attack surface. Organizations need to develop a Security-driven Networking strategy that tightly integrates an organization’s network infrastructure and security architecture, enabling the network to scale and change without compromising security operations. This next-generation approach is essential for effectively defending today’s highly dynamic environments – not only by providing consistent enforcement across today’s highly flexible perimeters but by also weaving security deep into the network itself. SMEs face large-scale cyber threats than large enterprises. How can they defend their physical and cloud networks? What are the solutions Fortinet offers to them in order to protect their digital ecosystem? SMEs struggle to implement strong, holistic security across their business for a variety of reasons and too often rely on piecemeal security cobbled together with multiple vendors' point products that do not operate cohesively. Ultimately, this results in inflated costs and stagnating growth, as investing in technology that would help the business be more productive is delayed by security. Cybersecurity for SMEs must therefore be simple, cost-effective, and easy to deploy. Fortinet’s small and mid-size business security

www.VARonline.com

solutions deliver a path to complete protection. Clear ROI is delivered without sacrificing security with tight integration, automation, and visibility across the entire cybersecurity footprint to improve effectiveness, reduce cycles, and scale as the company grows. Cloud-based, centralized management simplifies ongoing operations with business-driven rules and policies so businesses can quickly consume new technology while keeping the business safe from attack. Give insights into the partner collaboration Fortinet has made globally in the last two years Fortinet is committed to helping partners be able to meet new and changing customer demands created by the work-from-anywhere models through Fortinet’s Engage Partner Program and enablement tools for partners. As an example, last year Fortinet introduced new Specializations focused on high growth areas with additions, including “zero trust” access, operational technology, and security operations. Specializations help partners further distinguish their expertise among current and potential customers as trusted partners who have the knowledge, services, and technologies to fulfill customer business needs. Elaborate on Fortinet’s business strategies in the Middle East? In the region, we see strong interest in secure SDWAN, cloud, and OT areas. By transforming their

WAN architectures with SD-WAN, organizations can leverage such functions as dynamic path selection, optimized application delivery, and accelerated cloud on-ramp to deliver business-critical applications to the WAN edge - even for the most bandwidth-hungry applications - all while delivering instant ROI benefits. A secure SD-WAN solution goes further as it also includes a full stack of integrated, enterprise-class security features, and centralized management so it can be seamlessly incorporated into the larger corporate security framework. In 2021, we saw many attacks on critical infrastructure. Attacks against OT systems and critical infrastructure can have dire consequences for the lives and safety of both workers and consumers. OT organizations need to deploy cohesive solutions across their converging IT and OT networks. A platform approach is essential for OT organizations since their security considerations must extend beyond the on-premises system. Now they also must cover the operating system, the network infrastructure, and take the increased dependence on enabled Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices into account as well. Cybercriminals certainly aren't going to let up in 2022. As digital innovation accelerates, organizations are increasingly reliant on secure cloud solutions and infrastructures. Fortinet Adaptive Cloud Security Solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from the data center to the cloud. How do you react to the increasing competition in the security solutions market? Competing in today’s highly dynamic digital marketplace requires tools built around security-driven Networking principles that are designed to adapt to constantly changing requirements. We tightly integrate security with networking and connectivity solutions to ensure that even the most dynamic environments and edges are always protected. By weaving security and networking together, security no longer functions as an overlay. Enterprises need more than siloed solutions in today’s complex environment. This is why the Fortinet Security Fabric is the answer to their security challenges: it ensures that solutions deployed anywhere, regardless of their form factor or the network they run on, can see each other, share threat intelligence, and coordinate a unified response to threats. It supports our unique security-driven networking approach that blends security, networking, and connectivity into a unified solution. Our advances in AI-based security technology are woven into the Security Fabric, helping ensure that organizations can receive essential, actionable threat intelligence, identify, and investigate unusual behavior, and coordinate a unified response across the entire distributed network to neutralize threats in seconds.

www.VARonline.com

FEBRUARY 2022

INTERVIEW

FORTINET

TECHNOLOGY

COVER STORY

Active Resistance Against Cyberattacks Through Robust Solutions and Best Practices The cover story helps readers understand the trend of cyberattacks, the impact of breaches, required strategies, and the need to inculcate best practices to create active resistance against cyberattacks.

PROTECTION OF CRITICAL SYSTEMS FROM CYBERATTACK

ybersecurity is one of the most often used terminologies in almost all industries in the context of rising cyber threats, including the exploitation of software vulnerabilities, ransomware attacks, and malicious intrusions in enterprise networks. While digital transformation and cloud business are taken to a new level, the “zero trust” approach becomes a widely appreciated strategy from small and medium-sized enterprises (SMEs) to large corporates. The time is crucial for cybersecurity professionals and services providers as intruders simultaneously exploit vulnerabilities in software or network systems and make use of the latest technologies to hijack. Reports suggest that office suits, IoT devices, and other communication agents in the enterprise networks are repeatedly found vulnerable when it comes to resisting breaches. Apart from that, the use of AI-powered cyberattacks also became common practice. Most of the cyberattacks, such as ransomware and malware attacks, are motivated by financial interests. Such attacks are designated to steal personally identifiable information (PII), Social Security information, and credit card details from servers. The stolen information is generally gets sold in underground digital marketplaces. But then, attacks happened on government enterprises and utility service networks are contemplated the political and diplomatic interests.

FEBRUARY 2022

Cybersecurity is the practice of protecting IT and network systems from potential cyberattacks; it guards data and sensitive information also from digital attacks. Today, an enterprise requires to install multiple agents in its IT system and educate its workforce to combat breaches that originate outside the organization. Cyberattacks at an enterprise not only cause loss of trust in partners but also bring a bad reputation in the industry especially if the breach is specific to personally identifiable information (PII) of customers. Therefore, enterprises have no choice but to stay upfront in protecting their critical systems. The average cost of a data breach was USD 3.86 million globally in 2020. The cost includes: • Expenses of discovering and responding to the breach • Downtime • Revenue • Reputational damage

MOST KNOWN CYBER THREATS Even though enterprises and cybersecurity professions establish strong measures against outside breaches, attackers find ways to exploit in-house weaknesses focusing on remote access tools, work-from-anywhere environments, etc. The following are some of the known cyberattacks:

MALWARE

They are malicious software variants, such as viruses, worms, Trojans, and spyware and they can be mostly detected using antivirus tools. However, malware presence in the computer can give unauthorized access to systems.

RANSOMWARE This is a type of malware that locks down files or data and threatens to erase or destroy the data unless a ransom is paid to the cybercriminals who designated the attack. Recently, ransomware attacks have targeted state and local governments across the world.

www.VARonline.com

PHISHING/SOCIAL ENGINEERING

CLOUD AND STORAGE SECURITY

Phishing scams often take place through emails or text messages that appear to be sent by a legitimate company asking for sensitive information, such as credit card data or login information. Studies find a surge in pandemicrelated phishing, tied to remote work.

Cloud service providers offer encryption of data on rest (in storage), in motion, and use. In case, an enterprise protects data within its premise need to be on constant alert.

INFORMATION SECURITY Data protection measures, i.e., GDPR, secure your most sensitive data from unauthorized access.

DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACKS DDoS attacks try to crash a server, network, or website by overloading it with traffic – most often from multiple coordinated systems. DDoS attacks overwhelm enterprise networks through the simple network management protocol (SNMP), used for modems, printers, switches, routers, servers, etc.

DISASTER RECOVERY

ENFORCEMENT OF SECURITY

END-USER EDUCATION

The network and IT systems can be safeguarded by several layers of security. For that enterprises need a well-thought-out strategy, including robust applications, foolproof network systems, and end-user education. Such efforts can keep intruders away from accessing, stealing, or destroying data. Alain Penel, Regional Vice President – Middle East, Fortinet, rightly pointed out, “To fight today's evolving threats, organizations should look into a security platform based on a cybersecurity mesh architecture with security solutions that are designed to work together. A cybersecurity mesh architecture integrates security controls into, and across, widely distributed networks and assets.” He added, “organizations need to develop a securitydriven networking strategy that tightly integrates an organization’s network infrastructure and security architecture, enabling the network to scale and change without compromising security operations.” The following are some of the areas that need a high level of attention subjected to cybersecurity.

Building security awareness across the organization to strengthen endpoint security. For example, users can be trained to delete suspicious email attachments, avoid using unknown devices, click suspicious links, etc. “Digital immunity and data protection will become the key pillar of growth, trust, and customer retention for businesses, and they will need to efficiently and seamlessly manage an ever-increasing threat profile and attack canvas,” opined Saket Modi, Co-founder & CEO of Safe Security.

SECURITY FOR CRITICAL INFRASTRUCTURES: Critical infrastructures handle data related to national security, public health, and the safety of citizens. Not only credible systems but also concrete measures need to be enforced to protect such information.

NETWORK SECURITY Both wired and wireless (Wi-Fi) connections have to be protected and ensure no intrusions in them.

APPLICATION SECURITY Enterprises should enforce relevant activities to protect applications whether they function on-premise or in the cloud. Security should be built into these at the design stage, with considerations for how data is handled, user authentication, etc.

Several cloud service providers offer disaster recovery services to enterprise customers. In case of unplanned events, natural disasters, power outages, or cybersecurity incidents, they can help businesses to recover data in its original form.

BEST PRACTICES “Zero trust” security strategy: It assumes compromise and sets up controls to validate every user, device, and connection into the business for authenticity and purpose. Organizations can combine security information to enforce validation controls.

BEHAVIOR DETECTION: Advanced detection methods such as user behavior analytics and artificial intelligence (AI) need to be imposed in enterprise environments to confront potential intrusions.

CONCLUSION Cybersecurity can be enabled with a proper strategy that needs the support of the right kind of solutions and awareness among the staff members of an organization. Let’s conclude the story attributing to the words of Emad Haffar, Head of Technical Experts, Kaspersky, “Deploy advanced cybersecurity controls to enable the discovery of sophisticated and unknown threats, facilitate investigations and allow timely remediation and response; such tools are anti-APT and EDR solutions among others. In addition, provide staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques.”

www.VARonline.com

FEBRUARY 2022

TECHNOLOGY

COVER STORY

INTERVIEW

KASPERSKY

KASPERSKY’S COMPREHENSIVE SOLUTIONS OFFER FULL SPECTRUM OF PROTECTION AGAINST CYBERATTACKS

aspersky is a multinational cybersecurity provider that develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. Emad Haffar, Head of Technical Experts, Kaspersky talks to The Integrator on the comprehensive protection solutions offered by the company to enterprise customers. Speak about Kaspersky’s capacities to offer comprehensive protection for enterprise businesses in times of rising cyber-attacks: The Kaspersky Expert Security Framework demonstrates our capabilities and strength as an industry leader in the cybersecurity realm. The Framework is a comprehensive solution that connects the three pillars pivotal to any successful cybersecurity strategy to face the full spectrum of today’s complex threats, APT-like, and targeted attacks. Our Expert Security Framework allows us to equip an organization’s cybersecurity team with cut-throat technology, backed by superior intelligence, capabilities, and expert guidance to run their ship on full power. The solution also allows us to study each customer and understand the length and breadth of their cybersecurity needs according to their size, industry, and the data they hold. What advice do you give to enterprises to secure their network and reduce vulnerabilities? First, an enterprise must understand the needs of a cybersecurity strategy and it can carry out a cybersecurity audit of their networks and remediate any weaknesses discovered in the perimeter or inside the network. The organization can proceed further with the following: • Deploy advanced cybersecurity controls, to enable the discovery of sophisticated and unknown threats

FEBRUARY 2022

• Facilitate investigations and allow timely remediation and response with tools such as anti-APT and EDR solutions among others • Provide their staff with basic cybersecurity awareness training on phishing or other social engineering techniques. SMEs face large-scale cyber threats than large enterprises. How can they defend their physical and cloud networks? What solutions does Kaspersky offer to protect their digital ecosystem? For SMEs as well as large enterprises, we have the Kaspersky Security Foundations, which provides highlevel visibility and unparalleled protection to everything connected to the network and the cloud. It provides any organization, regardless of their size, all they need to have a robust layer of fully automated detection tools. This covers the on-premise and off-premise (cloud) workloads. In addition, we have solutions like the Kaspersky Hybrid Cloud, Kaspersky Endpoint Security Cloud, Kaspersky Security for Internet Gateway, and Kaspersky Security for Mail Server - they make cyber protection borderless. Elaborate on Kaspersky’s business strategies in the Middle East and the verticals you focus When it comes to verticals, the financial sector has always been on our radar because cybercriminals are motivated by monetary gains. www.VARonline.com

Emad Haffar Head of Technical Experts, Kaspersky

With countries in the GCC heavily supporting smart city investments, attacks on critical infrastructure are also gaining steam, particularly in the Oil & Gas sector, which is one of the mainstay economic sectors for the region. In tandem, the government sector is also most exposed to widescale APT attacks because of the classified, sensitive information they store. In simpler terms, anything to do with finance and data easily draws attention from cybercriminal gangs. How do you react to the increasing competition in the security solutions market? There are many brands in the market, but with over 24 years of expertise and over 400 million customers, we stand strong and more capable in doing what we do best – protect our customers and what they value the most. Most importantly, our “cyber immune” approach helps us stand out. Kaspersky “cyber immunity” can help organizations build IT systems that are inherently secure and safe.

INTERVIEW

PALO ALTO NETWORKS

PALO ALTO STRIKES COMPETITION WITH ITS INNOVATIVE AND ROBUST SECURITY SOLUTIONS

alo Alto Networks, a multinational cybersecurity company, offers advanced firewalls and cloud-based security solutions. Haider Pasha, Chief Security Officer, Emerging Markets at Palo Alto Networks speaks to The Integrator on its latest offerings to SMEs and large enterprises in the MEA region. A recent research project of Palo Alto concluded that non-business devices (i.e., IoT) used by employees can create a major threat in enterprise networks. How did you arrive at such a conclusion and what is its base? Palo Alto Networks and technology research firm Vanson Bourne jointly released The Connected Enterprise: Internet of Things (IoT) Security Report 2021. In 2021, cyberattacks against IoT devices have gotten bigger and bolder – from hacking water treatment plants to security cameras and more. The report highlights the need for shared responsibility among work-from-home (WFH) employees and IT teams to secure the enterprise. Palo Alto Networks surveyed around 1,900 IT decision-makers from 18 countries, including UAE and Saudi Arabia, focusing on both SMEs and multinational firms in many sectors such as finance, healthcare, manufacturing, and government. Elaborate on Palo Alto’s principles about cybersecurity and speak about key solutions From the strategy perspective, we are big believers in the “zero trust” approach. We recommend organizations focus on their set strategy as the next way to digitize and evolve. The previous concept of layered defenses as a model does not work anymore because data is not any longer in a central location and it is everywhere. Therefore, the concept of zero trust needs further expansion besides the idea of conducting microsegmentation both on-prem and cloud. One of the key technologies we have under our brand name is Cortex XDR, which detects and stops the most advanced attacks to keep networks safe. With over 10 acquisitions made recently, Palo Alto Networks is all set to provide robust, innovative integrated-platform support to its customers.

FEBRUARY 2022

Haider Pasha Chief Security Officer, Emerging Markets, Palo Alto Networks

What types and sizes of enterprises do you work with? Palo Alto Networks supports firms of all sizes, from SMEs to multinational organizations. We are neither limited in terms of size nor the capabilities we can support. In addition to firewall support for businesses, Palo Alto Networks also offers cloud solutions. Our mandate is to consistently evolve, creating a safe and secure environment for our customers and partners. How do you observe the competition and evaluate the way security solution business progresses in the region? The competition in the cybersecurity segment has increased recently. Even though there are many security service providers, few organizations offer a comprehensive approach. For businesses with a small number of employees, it can be simpler to choose a vendor in comparison to a large-scale enterprise, which involves many different aspects to create a secure environment. Palo Alto Networks has had experience with all sizes of organizations and is continuously advancing its expertise and tools to meet the demands of all types of firms to secure their data and networks.

www.VARonline.com

INTERVIEW

GARTNER

GARTNER RECOMMENDATIONS FOR SECURITY LEADERS TO LEAD FROM AN OFFENSIVE POSITION As part of The Gartner Security and Risk Management Summit 2022, The Integrator conducted an interaction with Ravisha Chugh, Associate Principal Analyst at Gartner. Ravisha explains how enterprises can ensure online safety against data breaches. While cybercriminals exploit vulnerabilities even on office suites, how can enterprises ensure online safety against data theft and other cyberthreats? Data breaches have significantly increased over the last few years including data breaches related to both regulatory compliance and intellectual property data. Multiple data security controls and technologies will be required to address data security and privacy risks for the protection of data. Organizations should implement broader data protection themes including investing in solutions like Data Loss Prevention, data classification, data masking, and data access governance for overall data security. Speak about Gartner’s findings of security systems have built to protect data and networks in the era of “work from anywhere” With social distancing continuing throughout 2021, organizations are making permanent shifts to remote work. Gartner expects remote workers to increase by 41% in 2021 over 2019. This in turn has also given rise to multiple security incidents. Security and risk management leaders focusing on data security should explore security platforms beyond just traditional Data Loss Prevention solutions. They should also invest in solutions that are monitoring the employee behavior and thus tracking any malicious or intentional intent of attacker or insider threat.

Ravisha Chugh Associate Principal Analyst, Gartner

uring the opening keynote of the Gartner Security & Risk Management Summit Middle East, Tina Nunno, research vice president and Gartner Fellow, identified three steps for security and risk leaders to shift from a defensive to an offensive leadership approach. The following recommendations are based on “The 2021 Gartner Global Security and Risk Management Governance Survey: Strengthen your personal leadership approach: To maintain this momentum, security leaders must identify whether they are acting defensively or offensively and reposition their personal leadership towards the latter. Systematize offense for the team: Security and risk leaders can improve outcomes by assigning security responsibilities to stakeholders across the enterprise, including line-of-business leaders, executive leadership, and third-party vendors. Coach the enterprise through new digital risks: Gartner's research has found that enterprises are looking to increase their risk appetite into 2022. In this heightened risk environment, an offensive security approach will guide the enterprise through the resulting volatility and digital uncertainties. The 2021 Gartner Global Security and Risk Management Governance Survey was conducted between April and May 2021 among 615 respondents across North America, EMEA, APAC, and Latin America at organizations with at least 100 employees and $50 million in total annual revenue.

www.VARonline.com

FEBRUARY 2022

INTERVIEW

SELFDRIVE

MOBILITY SERVICES COME SMARTER AND EASIER; SELFDRIVE SHOWS THE WAY Selfdrive is an All Technology-Driven E-commerce platform offering Mobility as a Service (MaaS), licensed by RTA (in the UAE), allowing customers to rent cars on demand from 1 day to 36 months. Selfdrive partners with car manufacturers, dealers, and the top leasing companies making it the fastest-growing asset-light company, managing assets worth USD 350 million. Soham Shah, CEO at SelfDrive, an entity of Pinewoods Technology Services, shares the company’s regional expansion plans in an exclusive interview with The Integrator.

What is unique about “rent a car” services offered by Selfdrive.ae? The USP of Selfdrive is its association with Dealers and Original Equipment Manufacturers (OEMS) to offer brand new and almost brand-new cars to its customers from 1 day to 36 months. The artificial intelligence (AI) driven system, makes the reservation journey and documentation seamless for the customers to reserve the cars of their choice, ranging from 65+ Models of 16 different brands across the UAE, Oman, Qatar and Bahrain. Explain Selfdrive’s customer base and engagements with enterprise customers. Selfdrive aims to serve Local residents, Expat Population and the International travelers who are in need of a car, creating an alternate to car ownership by offering micro leasing and leasing solutions. Selfdrive offers an extensive option of services under its B2B Enterprise module which delivers an intangible flexibility in its leasing solutions for corporate and government sectors under its portfolio. How do you onboard dealers to your business and how well are you equipped with the latest technologies? Selfdrive’s “Proprietary Real Time Fleet Management

FEBRUARY 2022

Soham Shah CEO, Pinewoods Tech Serv Selfdrive

Technology” integrates to create a revenue channel by incorporating existing and new fleet with the platform, increasing the brand – customer engagement as well as reducing the holding cost of the asset. Moving in line with the global shift of buying vs alternative car ownership model, Partnering with Selfdrive has empowered the Dealers and OEMs to align with the trend shift and achieve substantial market share with no capital investment in technology. Let’s discuss the competition, and plans of expansion in the coming years. Selfdrive, the market leader in vehicle subscription technology has a competitive advantage by partnering with the Dealers and the OEMs. The tactical partnerships of the platform has given a deeper penetration into the market due its alignment with the customer trends and sentiments. Selfdrive as a brand, intends to go live in Bahrain, Qatar & Kuwait in Q1 2022 to establish its presence in the GCC Market and UK & Europe.

www.VARonline.com

FEATURE

A10 NETWORK

HOW MULTI-CLOUD APPLICATION DELIVERY IS IMPACTING ECOMMERCE PROVIDERS AS THEY PREPARE FOR MAJOR GROWTH Written by: Adrian Taylor, VP of EMEA at A10 Networks

commerce continues to be one of the most fastpaced and competitive global industries, with industry-watchers estimating that online sales will constitute a fifth of all retail sales worldwide by the end of 2022. As vendors strive to capture their share of market growth, they need to offer exceptional customer experiences that build loyalty and repeat revenue. However, delivering omnichannel excellence puts considerable pressure on infrastructure as site traffic increases and consumer expectations rise. At the same time, the sector is heavily targeted by cybercriminals seeking to disrupt, extort and damage online retail businesses. Consequently, striking a balance between operational efficiency, cost control, security, and customer satisfaction is a complex challenge. To resolve the tension between availability, performance, efficiency, and security, most e-commerce providers are accelerating their cloud transition programs with many opting for a multi-cloud strategy. These decisions are driven by the changing landscape in which they are operating and the nature and intensity of the cyber threats they face.

SECURITY CONCERNS: BRAND AND REPUTATION ARE CROWN JEWELS FOR E-COMMERCE COMPANIES Ecommerce providers are acutely aware that trust is intrinsic to building customer loyalty. Anything that damages reputations and threatens customer confidence has a long-term impact on revenues. It’s not surprising, therefore, that cyber defacement and brand damage are top concerns for 62% and 49% of the businesses surveyed respectively. Linked to this is concern over user data theft and credit card theft, identified as a top concern by 52% and 36% of respondents. Away from direct public-facing threats, more than

one-third of companies cited DDoS attacks as a key concern. This is not surprising, given the increase in DDoS attacks and the potential loss of revenue. The report indicated that some Adrian Taylor e-commerce providers VP of EMEA, A10 Networks are struggling to resolve this issue, with one in ten reporting that they had lost availability due to a DDoS attack. Given that this directly affects revenue generation, and creates a poor customer experience, organizations should focus on ensuring that their DDoS mitigation strategy and tools are effective.

PERFORMANCE PITFALLS: HIGH TRAFFIC AND SECURITY TRADE-OFFS ARE IMPACTING UPTIME On the performance side of the equation, 86% of the e-commerce businesses we surveyed reported a significant increase in traffic. This is undoubtedly a result of the pivot to online purchasing made by millions during the pandemic, but in an industry wellused to handling seasonal spikes it was surprising that businesses reported downtime caused by traffic spikes as a top issue in the past year. This is potentially related to the heavier performance demands from new technology standards, such as the encryption required by Perfect Forward Secrecy (PFS).

PRIORITIES HAVE CHANGED IN A MULTI-CLOUD ENVIRONMENT Managing performance and mitigating security threats have a different complexion in a multi-cloud environment compared to traditional on-premises systems. Our research found that the complexity of multi-cloud IT has reshaped the priorities of IT leaders.

www.VARonline.com

FEBRUARY 2022

SME CHAMPIONS

NEWS

CME EXPANDS IN NORTHERN EUROPE WITH THE OPENING OF SWEDEN OFFICE

ME, a Dubai-based technology consulting firm, has announced the official opening of a new office in Sweden. Located in Stockholm, the new office aims to drive the company's growth focusing on corporates, startups, and innovation hubs in Sweden and other Nordic regions. CME will also introduce its innovative health engagement solution, INGO Health, a wellness platform. Richard Karam, General Manager at CME Sweden said, “Continuing our international expansion is key to servicing the needs of our clients, and having a foothold in Stockholm puts us in a better position to support market participants in Europe. Sweden is a key international hub for digital transformation, and our office here will enable us to deliver our ever-expanding range of solutions to our growing key client segments in Scandinavia.” CME is currently concentrating on customer experience, process automation, data management, Artificial Intelligence, and the Internet of Things. The new phase of its expansion in Europe will support organizations and businesses in the Nordic countries to achieve their digital transformation goals at a different stage of the digital value chain from strategy to technology and operations. CME claims have delivered more than 250 innovative projects across the world. With the official office opening in Stockholm, CME now has offices in seven countries including China, India, UAE, and the USA.

FEBRUARY 2022

www.VARonline.com

SDA AND HUAWEI C NURTURING FUTURE

he Saudi Digital Academy (SDA) has signed a memorandum of understanding with Huawei to cooperate in developing local talent within the technology domain. The memorandum was signed between SDA CEO Mohammed Alsuhaim and Deputy CEO of Huawei in Saudi Arabia Steven Liu. The two organizations will work together on the launch of new projects within the Huawei ICT Academy Program that involves building a talent supply chain covering the entire process of learning, certification, and talent promotion. Through such projects, SDA and Huawei aim to support 8,000 Saudi trainees through the Huawei ICT Certification Program. The latest memorandum outlines the plans for Huawei to train and certify 100 Saudi trainers from SDA through its

SME CHAMPIONS

NEWS

PROVEN ROBOTICS OPENS FIRST ROBOTICS TECHNICAL SERVICES CENTER IN KSA

COOPERATE IN E DIGITAL TALENT Huawei Train the Trainer (TTT) program, focusing on areas such as AI, cloud, security, data center, and 5G. Mohamad Alsuhaim, CEO of Saudi Digital Academy, said, “this memorandum with Huawei will open up new opportunities for Saudi digital talent to both develop cutting-edge skills and to be leaders of the future digital economy.” “Local talent is constantly required to drive digital transformation on a national level. Through partnerships like this with the Saudi Digital Academy, we can create an even stronger digital ecosystem that serves both recent graduates and ICT professionals, contributing towards the progress of Saudi Arabia’s Vision 2030 which places a strong emphasis on the potential of the ICT sector,” said Eric Yang, CEO of Huawei Tech Investment Saudi Arabia.

Zaid Al Mashari Principal Proven Robotics

he Saudi-based robotic company hopes the new service center will help customers to enhance strategic sales and achieve their technical goals while benefiting from end-to-end local support and expertise in robotics and advanced technologies. Proven Robotics claimed, the facility offers a wide range of services including providing customers with original spare parts, onsite troubleshooting, inhouse maintenance from qualified and technically certified teams, as well as the installation and configuration of robots. “The GCC has made considerable strides in adopting and deploying robotics solutions in line with government blueprints such as Saudi Vision 2030. However, after-sales maintenance has remained a challenge in the region and most robotics hardware is currently being shipped back to its country of origin for servicing,” said Zaid Al Mashari, Principal Proven Robotics. The concept of robots and humans working alongside each other is fast becoming the new normal,” added Al Mashari. With its new service center, Proven Robotics aims to grow and expand within the region. The company also expects to establish global partnerships with worldwide leaders in the robot manufacturing industry to ensure improved efficiency and support to keep automated systems functioning at optimal performance levels. www.VARonline.com

FEBRUARY 2022

SME CHAMPIONS

NEWS

MICROSOFT EMPOWERS MILLIONS OF FRONTLINE WORKERS

ech giant, Microsoft has announced new features in Microsoft Teams and Microsoft Viva designed to serve frontline workers as part of its Work Trend Index Special Report, “Technology Can Help Unlock a New Future for Frontline Workers.” Emma Williams, Corporate VP at Microsoft claimed, “empowering frontline workers remains essential for digital transformation. Together with our partners, we are equipping frontline workers with tools that allow them to stay connected with their team and company leadership while concentrating on the customer or job at hand.” The following are the highlights of the report: • Microsoft is deepening its strategic relationship with Zebra Technologies Corp., including software and hardware such as rugged Android mobile computers for the frontline workforce. The two companies are delivering the Teams Walkie Talkie app on a wide range of Zebra mobile computers, including a dedicated push-to-talk (PTT) button to access Teams Walkie Talkie functionality on Zebra devices • Microsoft is enhancing Teams’ integration with Zebra Reflexis, which connects the Reflexis Workforce Management solutions with the Shifts application in Teams • The Viva Connections app in Microsoft Teams links frontline workers to company culture, resources and tools, news, and employee resource groups in the flow of work

FEBRUARY 2022

www.VARonline.com

GOVT OF AJMAN AN MOU TO IMPLEMENT PAYMENTS ON PUBL

isa the Transport Authority – Government of Ajman (TA) signed a memorandum of understanding (MOU) at the MENA Transport Congress and Exhibition 2022 to implement openloop EMV technology to Ajman Bus that will allow passengers to pay for their ride using their everyday contactless Visa cards or devices and achieve smart mobility in the city of Ajman. The implementation of openloop EMV technology would make the passenger experience seamless and reduce travel time by eliminating the need to stand in line to purchase tickets or top up their ticket. Visa will also work with Transport Authority – Government of Ajman to enhance the existing experience on the Masaar card by leveraging Visa technology to enable acceptance of Masaar cards at nontransit merchants. Dr. Saeeda Jaffar, Visa’s Senior Vice

SME CHAMPIONS

NEWS

NETAPP ONTAP RECEIVES VALIDATION FROM NSA FOR SECURITY AND ENCRYPTION

ND VISA SIGN T CONTACTLESS LIC TRANSPORT President and Group Country Manager for GCC, said, “Visa is delighted to work with the Transport Authority – Government of Ajman to drive the adoption of digital payments in transport, especially as we see the entire UAE moving towards a cashless economy. As social distancing and low-touch payments become the new norm, Visa's open-loop transit model has seen great results around the world.” Ms. Rasha Al Shamsi, Transport Authority – Government of Ajman Acting Director General, said, “We aim to introduce the smart and safe payment solution to the users of the public transport and enhance the digital economy by encouraging the public to use the modern payment methods, believing in the continuous development of services and adding value to our customers, we will work with Visa to extend the benefits of current ATAs Masaar Transit Card.”

Michelle Rudnicki VP-US Public Sector, NetApp

etApp has announced that ONTAP, its storage operating system, is the first enterprise storage and data management platform to achieve Commercial Solutions for Classified (CSfC) validation for a data-at-rest (DAR) capability package. With this CSfC validation, organizations can expect NetApp ONTAP to: • Allow agencies and enterprises to natively store topsecret data, confidently and reliably • Save time by making it easier to buy pre-approved solutions, reducing audits, and limiting the processes required to move or store data securely • Offer cost savings via reduced monitoring, lowering physical data transport and logistics costs, and providing the cost-optimal solution for storing data • Protect data at both hardware and the software layer for enhanced cyber-resilient data-centric security - a key component to zero-trust security architectures Michelle Rudnicki, Vice President, US Public Sector at NetApp said, “with NetApp’s world-class data security capabilities and this CSfC validation, government organizations, as well as companies in highly regulated industries like financial services, healthcare, energy or any organization with valuable intellectual property, can be reassured that their most sensitive data is secure with NetApp ONTAP.” www.VARonline.com

FEBRUARY 2022

FEATURE

NUTANIX

RETHINK HOW YOU CONSUME IT IN A CONSUMER-CENTRIC WORLD By: Mohammad Abulhouf, Senior Sales Director,

CONSOLIDATED THINKING AND CONSOLIDATED COSTS

KSA, Bahrain & Qatar at Nutanix

he consumption of products and services has changed for good. We live in a consumer-centric world where we switch on the television and watch the service we elect, whether that is Amazon Prime, NetFlix, or Apple TV. The point is that as consumers we have taken back the power of choice, explored what works for us, and are now able to pay as much or as little as we are willing to for the service we want. So why should IT be any different? If we have learnt anything from the last decade it is that consumer patterns shape IT behaviour – IT no longer dictates what can and what can’t be done. Think back to the discussions around Shadow IT. Which then sets the scene for the question “why are we as an industry still billing and selling technology in protracted contracts and licenses?”

LIVING ROOM IT Let’s talk in comparisons for a bit, as consumers we buy mobile services from a carrier, content from a streaming service, fibre from a provider and we pipe it all down to a device which can be connected in myriad ways. The whole concept can be compared to how the multi-cloud universe works. But we still love out boombox at a house party or a braai, we are loathed to get rid of our DVDs, and we proudly collect vinyl, which is very much the on-premise part of the consumer existence. None of which is going to be replaced easily – nor should it be. But it is a world of overlap and inefficiency with multiple sources, subscriptions and commits to multiyear contracts that are sometimes wholly underutilised.

FEBRUARY 2022

Mohammad Abulhouf Senior Sales Director, KSA, Bahrain & Qatar, Nutanix

ONE APP TO RULE THEM Much like modern IT, all of these services are a nightmare to manage. If you are in a multi-cloud environment with multiple SaaSbased contracts and subscriptions, you understand the enormity of the task at hand. Knowing what you are spending the most on and what your teams are actually using to its full potential is a feat in accounting. Now add license management to the mix and consider that vendors are trying to eke out more of your wallet than before by selling you additional capabilities and you are in an endless fight with a bloated balance sheet, yet still unsure if you see the value. As an industry, we need to seriously start considering bringing all these services together. If as a consumer you were given a single service which you could buy all your services through, see you spend, manage your usage, and then use this data to see where there is overlap and where there is underutilisation – would you buy it? www.VARonline.com

What IT is sorely lacking is consolidated thinking. Many services profess to help you create a view of your multi-cloud resources, SaaS apps and collaboration services, but few give a control plane for full visibility. We might know where things are, how they are working, but we need to start pooling this data to start identifying overlap to minimise inefficiencies in both cost and resources. Now add to this the fact that we are still selling five-year licenses which we try and bloat every year by adding additional services to keep our balance sheet healthy. CIOs and IT professionals are starting to kick back – and it is about time. As much as consumers we want to pay for only what we consume so do CIOs want a model where they can scale services up or down, remove unnecessary investments when they have run their course and invest that capital elsewhere when needed. The subscription service has been made easier to digest because of the cloud, but now we need to start adopting it into all aspects of IT. The real value IT can give a customer is flexibility. The value to the end-user is then multiplied by their ability to adapt to change. Such as the immense change they have endured over the past eight months as a result of the pandemic.

RETHINK REQUIRED How does the future of enterprise IT look? It is a centralised environment that is managed as much by data on your services than the services themselves. It is controlled through a single plane, it is managed centrally, and it is billed monthly. Allowing business, the ability to adapt, change, move and scale as and when they need to. Not when they are dictated to do so.

FEATURE

INFOBLOX

DNS IS AN INDISPENSABLE PART OF A MODERN SECURITY TOOLKIT Written By: Cricket Liu, Chief DNS Architect at Infoblox

s I am fond of saying, back in the early days of BIND name servers - when I got my start in DNS - they had a whopping two security features: They didn’t accept responses from IP addresses they hadn’t queried (colorfully known as “Martian responses”) and they stuck a random, 16-bit number into outbound queries and verified that the number came back in responses. For a very long time, DNS servers were mostly the target of attacks. There were the “three K’s”: cache poisoning attacks dreamed up by Eugene Kashpureff, Amit Klein, and Dan Kaminsky. (I should point out that only one of them, Kashpureff’s, was ever used in anger. Klein and Kaminsky discovered theirs and reported them responsibly.) There was the Li0n worm, which capitalized on a vulnerability in BIND. And of course, DNS servers of all stripes are commonly both used as amplifiers in DDoS attacks and are themselves the targets of DDoS attacks. Within the DNS community, we concentrated largely on the security of DNS servers and the DNS system. BIND was enhanced to support access control lists on almost everything: queries, recursive queries, zone transfers, and dynamic updates. We began running DNS servers in chrooted environments, using the principle of “least privilege.” And we introduced Transaction Signatures (TSIG) and the DNS Security Extensions (DNSSEC) to help safeguard DNS data. It’s only been very recently in DNS’s history that we’ve realized the potential of DNS servers as security tools. With the advent of Response Policy Zones in 2008, we could instrument our DNS servers to issue “benevolent lies” when queried for information we knew could harm the querier and, perhaps equally importantly, we could tell when someone queried our DNS servers for data we knew was malicious. This begat a blossoming of companies that produce DNS threat intelligence in the form of RPZs and distribute them to subscribers, either for a fee or free of charge (Infoblox does this, as do partners including Farsight Security). Now you can plug a variety of RPZ “feeds” into your DNS infrastructure and enable your DNS servers to protect your users and systems from known malware distribution sites, command-and-

Cricket Liu Chief DNS Architect, Infoblox

control infrastructure, and much more. RPZs are also enormously useful in helping detect infections and breaches. A laptop that sends a query for a domain name uniquely used by a particular species of malware is almost certainly infected with that malware. The most advanced companies and vendors feed DNS telemetric data—what we in the biz call “passive DNS”—into data stores and then run machine learning algorithms over it. Sophisticated ML algorithms can detect all kinds of malicious activity in passive DNS data: queries sent by malware’s Domain Generation Algorithms (DGAs), for example, or queries for lookalike domain names masquerading as well-known, legitimate destinations. All of this, I think, proves that DNS is an indispensable part of a modern security toolkit, playing both an active and a supporting role in keeping networks secure and tracking malicious activity. I hope that you’ll take a look at your DNS infrastructure and think about how you could enhance it to tighten your defences.

www.VARonline.com

FEBRUARY 2022

FEATURE

ACRONIS

HOW YOUR EMOTIONS CAN BETRAY YOU IN THE DIGITAL WORLD By: Candid Wüest, VP of Cyber Protection Research, at Acronis

pening a heartfelt email and clicking on the link asking you for help? An email supposedly from your bank asking you to renew your password? A text message from the government sending you an appointment for a medical test with a link to register? All these are examples of how emotions are used to lure us into providing access to our personal information or devices. The use of emotions and alerts via emails or mobile is going to continue to grow as a trend within the cyber security space. We discovered its extent when the pandemic started in 2020 when cybercriminals were extensively leveraging Covid-19 to send infected links and used phishing attacks, but it continues even now and will continue. People and especially Small-Medium sized Enterprises (SMEs) use a lot of sensitive applications like banking, to monitor their businesses; so, attackers are opportunistic and use any event or news to lure users onto malicious sites. Now, to avoid being in a difficult situation in the first place, both businesses and individuals need the right cyber protection strategy which includes anti-malware and anti-virus protection. Then, they need to be ready for any scenario and incapacity to easily recover any data during a ransomware attack. Companies critically need to think of having a highly customized DR plan and the right enabling capabilities ideally all under one single tool to avoid increased costs and accrued risks. We have developed a holistic approach to cyber protection composed of five vectors: Safety, Accessibility, Privacy, Authenticity, and Security (SAPAS). This allows for a well-rounded comprehensive protection experience going beyond traditional backups or classical AntiVirus solutions which only focus on one part of the situation. Our Active Protection uses artificial intelligence and machine learning to identify malware by how it behaves, looking for suspicious activities, as opposed to matching it against a known threat database. Most threats are linked to malicious emails or unpatched systems and software. We protect our customers from such threats through integrated cyber-protection software. It allows disrupting these attacks at various stages depending on the type of attack at play, providing in-depth defense. The “safest”, most stable, and the most successful organizations make their decision based on data. Anyone in an SME and at all levels should understand the basis

FEBRUARY 2022

Candid Wüest VP of Cyber Protection Research, Acronis

of cyber security. In business in general but especially around the cyber security topic, Management teams have access to a lot of various information and need to manage their emotions at the same time. Using different solutions for data protection and cybersecurity simply creates more complexity and broadens the threat factor. SMEs need a single solution that ensures the optimal protection for all data, applications, and systems from one console. Patching, using strong authentication, and employing strong malware protection are still the most important measures to take. Most attacks are still falling in the category “not sophisticated” and are due to human action and playing with one’s emotions: they start with a phishing email, with an easy to guess or a reused password known to attackers from another compromised source or an old and forgotten service exposed to the internet. Then, attackers start stealing the data or gaining enough access to run ransomware. The easiest way to avoid damages is to stop the attack before it even started with pre-emptive measures or at the initial point when it starts, but of course, in-depth defense or forensic is important as well.

www.VARonline.com

FEATURE

ARUBA

SD-WAN: THE BRIDGE TO A 5G FUTURE By: Jacob Chacko, Regional Director - Middle East, Saudi & South Africa at Aruba

fter over a decade of 4G connectivity, leaders in global telecoms are now racing to roll out the fifth generation of broadband cellular technology and meet today’s twin challenges of increased network activity and bandwidth demands. The pressure to upgrade has only become greater due to the pandemic, which shifted the global workforce from the office to the home, and in doing so greatly increased the number of digital touchpoints. Research conducted by Markets & Markets indicates that the enterprise 5G market is expected to grow from $2.1 billion in 2021 to $10.9 billion by 2027, at a CAGR of 31.8%. In the short term, the task at hand for service providers involves enabling IoT communications, fixed wireless access, edge analytics, and enhanced mobile broadband. To achieve this, service providers will have to lean on existing technologies. SD-WAN is one of the key technologies that have the potential to aid service providers in their delivery of a higher quality network experience to meet everincreasing user expectations.

5G: UNTAPPED POTENTIAL According to a study conducted by IDC, it is estimated that there will be 51 million IoT devices by 2021. The advent of edge computing will serve to enable this influx of IoT devices. However, as connectivity increases, so too does the amount of data that must be processed, both in real-time and close to the source. Facilitating huge volumes of data at high speeds is a key function and much-promised benefit of 5G. Yet despite providing higher bandwidth to operations, 5G is limited in range. It is expected that 5G networks will be powered by hundreds of thousands of small cells. However, the denser the network of cells, the more difficult they become to manage, operate and maintain, therefore the crux of the issue becomes not only the optimization of these networks but also the automation.

SD-WAN: THE ENABLER Connection and integration across the relevant compute edges are integral to any 5G operation. SD-WAN platforms can help service providers by allowing for automation and aiding in the optimization of traffic

and management of 5G cells. Unlike a traditional router-centric WAN architecture, a Software-defined Wide Area Network (SDWAN) is designed to support applications in on-premises data centers, public or private clouds, and SaaS services. SD-WAN identifies applications and provides intelligent routing, with each class of application receiving the appropriate Quality of Service (QoS) and security policy enforcement. This quality in particular is vital in the enablement of 5G. Through SD-WAN’s ability to incorporate machine learning, it enables networks to adapt to varying circumstances and automatically route high-bandwidth traffic to 5G cells and the edge. Ensuring high-quality user experience for 5G is paramount, therefore service providers must evaluate SDWAN vendors on the following: • Granular, intelligent application-driven routing. The ability to automatically prioritize traffic based on bandwidth should be a key area of concern. Lower bandwidth traffic should be routed to other available transport such as LTE or broadband, allowing for highbandwidth traffic like video streaming to be routed through a 5G cell. • Centralized management. Facilitating the management, maintenance, and operation of edges and 5G cells by intelligently rerouting traffic during provisions and upgrades. When enterprises deploy new applications or when a security policy change is necessary, a businessdriven SD-WAN enables these changes to be delivered in minutes, while simultaneously minimizing the opportunity for human error. • Machine learning. Automation is key. Any SD-WAN vendor must guarantee that their network can adapt to varying conditions in real-time and provide optimal routing to the edges and 5G cells. • Security integration with business-intent networking. Cybersecurity is an ever-present issue. By directing traffic to the right security services and enabling applicationdriven security policies enforced from a centralized position, service providers will not have to compromise on either cost or performance. • Virtual WAN overlays. Quality of service is hugely important, and network resources must be flexible and optimized. 5G networks depend on network slicing, whereby each slice receives a unique set of resources.

www.VARonline.com

FEBRUARY 2022

FEATURE

FORTINET

KEY BUSINESS RISKS BEHIND THE INTERNET OF THINGS By: Joe Robertson, Director of information security and EMEA CISO at Fortinet

igitization is transforming how businesses operate. This transition is often referred to as the Fourth Industrial Revolution or Industry 4.0 because it represents the fourth manufacturing revolution. The first industrial revolution was mechanization, the second was mass production and assembly lines using electricity, and the third was the adoption of computers and automation. Now the Fourth Industrial Revolution is upon us, with the digital transformation of businesses largely consisting of automation, artificial intelligence (AI), and rapid technological innovation. Industrial processes and machines are becoming smarter and more modular, with automation and data exchange that include the Internet of Things (IoT) and the Industrial Internet of Things (IIoT). These smart, always-connected devices provide real-time contextual information with low overhead to optimize processes and improve how companies and individuals interact, work, and live.

Joe Robertson Director of Information Security and EMEA CISO, Fortinet

WHY IS IIOT SECURITY IMPORTANT? Digital has not gone unnoticed by cybercriminals, who seek to exploit IoT and IIoT as weak links in the data chain. The increasing volume of structured and unstructured data being generated by these devices, and their oftentimes anomalous behavior spanning across global ecosystems challenges even the best organizations. Further complicating the situation is that many of these devices are wireless (WLAN or 5G) and often have communication channels to their manufacturers for maintenance and troubleshooting purposes, which can make them a potential backdoor into the production network. Most organizations are not well prepared for IoT and IIoT device vulnerabilities. The ubiquitous interconnectivity among devices, users, and distributed networks presents a substantial challenge for traditional siloed security solutions. Focusing defenses on a single point in the network is becoming increasingly ineffective.

IOT AND IIOT SECURITY RISKS TO BE AWARE OF From a security perspective, IoT and IIoT devices present several risks. One problem is that most of these devices were not designed with security in mind. Many of them are headless, which means they do not have a traditional operating system or even the memory or processing power required to include security or install a security

FEBRUARY 2022

client. In addition, an alarming number of devices have passwords hard-coded into their firmware.

HOW TO MITIGATE IOT AND IIOT SECURITY RISKS It is important to view IIoT as part of your broader security environment rather than as isolated units. Here are a few additional recommendations for securing this technology: • Segmentation of the production environment, with all IIoT and wireless devices in segments outside of the SCADA or ICS network. In many cases, microsegmentation should be performed to further restrict communications between devices to further isolate and confine them to only authorized communications. • Network Access Control for accurate information on what is connecting to the network and verification of each device’s security posture before allowing it to connect.

GOING FORWARD Unfortunately, IIoT devices are typically not designed with security in mind, and finding ways to secure every device on your network is daunting. Because of this, organizations must take immediate action to protect their systems from attack.

www.VARonline.com

FEATURE

CLOUDERA

DATA: A CRITICAL CYBER SECURITY TOOL By: Ahmad Shakora, RVP Emerging Markets at Cloudera

ata is playing for identifying known an increasingly dangers, but a behaviorimportant role in enabling based AI approach can companies to secure their adjust to new risks by virtual four walls against searching for irregularities a cyber-attack. It is an such as alterations in essential component for a server's or endpoint gaining deeper insights device's behavior. AI helps into an organization’s in retracing the series network and increasing of actions that occurred its capacity to look for during an intrusion, which dangers rather than improves a business’s merely responding to capacity to avoid future them. incidents. With AI, Each cybersecurity tool enterprises will be able collects data from a unique to employ more complex perspective. Typically algorithms in their search the insights generated for weaknesses and cyber Ahmad Shakora from these tools tend to threats RVP Emerging Markets, Cloudera sit in silos. However, if Numerous intrusions businesses combine all the can arise as a result of poor point solutions, companies cybersecurity hygiene and can create a fuller picture of what is happening across programming errors. Avoid typical issues by examining their networks to detect, identify and respond to threats. system logs, for example, to discover glitches before they That’s incredibly powerful. And if enterprises can become risks or to reveal aberrations such as workers do this over some time, then they can understand how who have access to the network that few or none of their and why an attack took place but most importantly how contemporaries have access to. Whenever AI is used to to prevent it from happening again. But that’s not all. evaluate large amounts of data, institutions may more When all this information is combined from the different easily guarantee that they are practicing good cyber systems, it is possible to see a threat developing that they hygiene. haven’t previously seen before. Cyberattacks are constantly growing in sophistication, To ensure that they can transition to this proactive but companies have valuable data within their four walls posture, organizations should seek to move to a realthat can be used to help them get on the front foot and time ingestion process. They should choose a platform develop stronger cybersecurity strategies. that can ingest many sorts of data in various forms and convert it into a template that is consistent across all resources. Furthermore, the platform must be able to scale up and down in response to varied volumes of data to ensure optimal performance and cost-efficiency.

THE RISE OF AI Once the enterprise has collected its data on a scalable, adaptable platform, it may use artificial intelligence to extract insights from the data. AI accelerates analysis and is especially useful when organizations transition from signature-based to behavior-based threat detection. A signature-based system technique is useful

A behavior-based AI approach can adjust to new risks by searching for irregularities such as alterations in a server's or endpoint device's behavior. AI helps in retracing the series of actions occur during an intrusion.

www.VARonline.com

FEBRUARY 2022

FEATURE

DEFENDING APPLICATIONS FROM COMPLEX AND MODERN ATTACKS By: Rajiv Kapoor, Senior Product Marketing Manager, NGINX at F5

he earliest Denial-of-service (DoS) attacks flooded servers with requests for TCP or UDP connections (so-called volumetric attacks) at the network and transport layers (Layers 3 and 4). Increasingly, though, DoS attacks use HTTP/HTTPS requests or API calls to attack at the application layer (Layer 7). Bad actors also launch distributed denial-of-service (DDoS) attacks by linking many computers into a botnet that sends requests. With DDoS attacks, the possible number of requests is greater and the distributed nature of the attack makes it more difficult to identify the source of the requests and block them. Across the world, DoS attacks are on the rise and negatively affecting user experiences: • DoS attacks are among the most popular partly because of the proliferation of APIs • Layer 7 attacks have increased by 20% in recent years, and the scale and severity of their impact has risen by nearly 200% • The digital shift prompted by COVID-19 saw a surge in DDoS attacks in 2020 Layer 7 attacks abuse apps, APIs, and other application resources in ways that hamper user experience and prevent you from collecting revenue. Proper DoS protection is therefore vital to ensure users can access the services they need without interruption.

A NEW KIND OF ATTACK Layer 7 cyberattacks have evolved in response to the increasing complexity of the Internet and the sophistication of application architectures. Volumetric attacks at Layers 3 and 4 – for example, UDP reflection, and ICMP and SYN

FEBRUARY 2022

speed, and as environments shift into new landscapes, new vulnerabilities and opportunities for attacks arise.

THE HIGH COST OF LAYER 7 ATTACKS

flooding – are not as prevalent as they used to be. Why? Infrastructure engineers have had years to build defense mechanisms. That makes them more expensive for attackers, in terms of time and money, so they’ve moved on. However, Layer 7 attacks are more complex to design than network attacks, and many tools that can handle Layer 3/4 attacks don’t protect modern application architectures. Layer 7 DDoS attacks are more difficult to detect because bots and automation allow attackers to disguise themselves as legitimate traffic, especially when they’re using sophisticated security penetration tools. If a hacker can assemble a botnet – thousands of compromised machines under the hacker’s control – it’s easy to initiate attacks on a huge scale. Today, devices and applications are developed at unprecedented www.VARonline.com

With the world on lockdown during most of 2020, consumers bought more products online, and enterprises had to accelerate their digital transformation to keep pace with demand. Unfortunately, cyber attackers exploited the increased reliance on the Internet, and DDoS attacks surged too. Layer 7 attacks are cheap to launch but expensive to mitigate for the site owner, and without protection, recovery from an attack can take from days to weeks. So, what is the ideal solution? What are the key components that protect against Layer 7 attackers? On a basic level, you need a tool that recognizes when your site is under attack – something that’s able to distinguish between legitimate and malicious traffic. It must be able to do this not just in traditional environments with their more unified structure, but also in modern, distributed app architectures employing microservices and Kubernetes. With the shift away from monolithic applications, a new approach must be used that is as adaptive and dynamic as the modern environments it protects. Remember, when it comes to Layer 7 DoS protection, it’s essential to integrate flexible and adaptive products that can endure modern, ever-changing landscapes. Business owners deserve the confidence that – with every digital shift – their site remains accessible, fast, and safe.

DOOH ADVERTISING DATA FUELS CREATIVITY AND ENGAGEMENTS WITH AUDIENCES: ALFI STUDY

oday’s consumer is more tech-savvy and wary of the traditional methods companies use to reach them. However, intelligent technology in the digital out-of-home (DOOH) sector is helping advertisers design smarter ads without tarnishing the consumer relationship. Research from Alfi, an AI enterprise SaaS advertising platform, reveals that 96% of senior advertising executives believe data from DOOH ads are fueling greater ad campaign creativity and enabling brands to engage with an even more defined audience. “The DOOH sector is setting itself apart from other forms of advertising with a new degree of flexibility, affordability, and immediate insight into valuable consumer behaviors,” said Peter Bordes, Interim CEO, Alfi. “With AI and machine learning components, advertising and brand messaging can not only be personalized but scaled to meet the needs of a specific campaign or brand, while satisfying the consumer desire for new relevant content that can impact their lives.” When asked about the impact of different factors in fueling growth in the DOOH market, 58% of senior ad executives state the quality of the evaluation/ measurement tools available is ‘very important’ (e.g., who was receptive to an advertisement, how it was received, and how it affects the behavior of an individual as they go about their daily lives). Additionally, 56% say this about the quality of data available to develop, implement and run campaigns. Furthermore, 55% say the ability to deploy campaigns with ultimate flexibility and immediacy – by the day or even the hour (dayparting) – due to the detail OOH technology provides is also “very important” in driving

growth in the DOOH market. Alfi says this increasing relevance creates new opportunities to connect on a more personal level with consumers and for brands to truly understand new and loyal customers. “As the DOOH advertising sector enjoys unprecedented growth, Alfi is leading its transformation by enabling brands to serve anonymized yet hyperrelevant ads to consumers in-person, driving sales and relevance without capturing any personal information,” said Bordes. “As we enter the next phase of our company’s growth, our expanding technology team is diligently working to implement our market-leading AI advertising solutions in airports, malls, and a variety of retail and rideshare settings around the world to provide brands with more relevant data, and consumers the out of home ad experience they want.” Powered by efficient audience matching, DOOH ads can reach target audiences at the right time with the right message, allowing brands to capitalize on the narrow window of connection with consumers. Alfi’s cutting-edge computer vision with machine learning technology provides content publishers and brands valuable insights with data-driven audience matching, and analytics beyond legacy targeting in a privacycompliant manner. Methodology: Commissioned by Alfi, PureProfile, a global research company, conducted 100 interviews amongst senior advertising professionals from across the U.S., U.K., Canada, China, France, Germany, and the UAE. Interviews were conducted online in September 2021. Alfi, Inc. provides solutions that bring transparency and accountability to the digital out-of-home advertising marketplace.

www.VARonline.com

FEBRUARY 2022

RESEARCH TECH

ALFI

TECHNOLOGY

EYE TECH

DURABLE INDUSTRIAL MEMORY CARDS FOR EHEALTH

esponding to development trends, TEAMGROUP is launching industrial memory cards in line with the eHealth industry demands and is working with strategic partners from different fields to accelerate the digital transformation of healthcare systems. The industrial business division of the company aims to spotlight the needs of the eHealth industry by offering industrial memory cards that are low power consumption and has high write-in durability. These memory cards support recording data for 14 consecutive days, guaranteeing that all ECG records are written in and stored into the memory cards. An official release claimed, “The industrial memory cards

can be applied to ECG recorders for continuous long-term monitoring and write-in, effectively increasing chances of detecting dangerous arrhythmia symptoms such as palpitations, ventricular tachycardia, etc.” It adds, “this is an innovative diagnostic tool for cardiologists, inject new blood into the field of eHealth.”

KEY FEATURES INCLUDE • • • •

Durable and high speed Offer low power consumption ECG records can be stored Support as a diagnostic tool for cardiologists

VIRSEC WISHES TO END ATTACKS ON SERVER INFRASTRUCTURE WITH DPP irsec releases Deterministic

Protection Platform (DPP) to ensure better protection against all known and unknown threats to software workloads and reduce threat actor dwell time from minutes to milliseconds, with true protection and runtime observability. Combining attack coverage and accuracy in the industry, DPP by Virsec offers to protect server workloads across the entire runtime stack, eliminating false positives, when deployed on bare metal, virtual machines (VMs), containers, or in the cloud. DPP promises to make security response obso-lete by improving the protection and it is available via an

FEBRUARY 2022

www.VARonline.com

TECHNOLOGY

EYE TECH

INVIXIUM EXPANDS TOUCHLESS BIOMETRIC SOLUTION PORTFOLIO WITH IXM TFACE

nvixium expands its portfolio of touchless biometric offerings with IXM TFACE. An official release claimed, the solution provides the high security, convenience, and functionality of face recognition as well as fingerprint recognition and mobile credentials at an affordable price point. Inspired by IXM TITAN, TFACE is the ideal solution for enterprises of all sizes. Shiraz Kapadia, CEO & President at Invixium said, “not every workforce demands the power of TITAN – TFACE is our response to this because it combines the security of face recognition with an affordable price point for first-time biometric installations or new installations that replace antiquated biometrics with face recognition.” TFACE seemingly is designed to satisfy a variety of access control and workforce management needs with fast and accurate dual-biometric authentication. The performance of TFACE is the result of two SONY 8MP cameras (RGB and infrared) and a 500dpi optical fingerprint sensor which ensure reliable and accurate face recognition and fingerprint authentication in less than 1 second. The solution is powered by a quadcore 2.2GHz processor and runs secure Android OS to expertly blend security for the business with ease of use

annual subscription. “Security practitioners are exhausted at the failed promise of ‘protection’ when many vendors merely offer alerts after an attack on their applications. As we’ve seen with Log4j, PrintNightmare, and other recent attacks, this approach is not working,” said Dave Furneaux, Co-founder, and CEO of Virsec.

DPP’S OTHER FEATURES INCLUDE: · Full application stack protection at runtime, automatically protecting vulnerable workloads covering all facets including applications, files, processes, and memory space that are typically targeted by attackers · Only trusted execution is allowed, ensuring zero adversaries dwell time and stopping an

for its staff. Other desirable features include high-speed touchless face recognition and mask detection, both of which are relevant to today’s ever-evolving mandates for touchless security and mask-wearing at worksites.

ADDITIONAL FEATURES OF IXM TFACE INCLUDE: • • • • • • •

Mobile credentials (digital card and dynamic QR code) Mask detection Liveness detection for anti-spoofing Auto-on Time of Flight (ToF) sensor PoE+ for ease of installation Corning Gorilla Glass LCD Intercom for door communication

attacker’s malicious actions within milliseconds against both known and unknown threats— specifically protecting against ransomware, remote code execution, supply chain poisoning, and memory-based attacks · Uniquely detects advanced attacks at the web, host, and memory levels that bypass Extended/ Endpoint Detection and Response (X/EDR), Web Application Firewall (WAF), Intrusion Detection, and Prevention System (IDPs), Endpoint Protection Plat-forms (EPP), and Antivirus (AV) solutions. It can reduce, or entirely negate, the need for patching · With its read-only approach to mapping the software workload, DPP by Virsec does not harm applications while providing true protection. This unique approach also al-lows for fast deployment, performance maintenance, and automation at scale

www.VARonline.com

FEBRUARY 2022

RESEARCH TECH

RACKSPACE TECHNOLOGY

BESPOKE AI SOLUTIONS FUELS MIDDLE EAST AI AND ML SKILLS GAP: RACKSPACE RESEARCH

he research titled, AI/ML Annual Research Report 2022,” from Rackspace Technology has revealed how demand for bespoke Artificial Intelligence (AI) and Machine Learning (ML) solutions is fuelling a skills gap. The majority of Middle East IT leaders report that their organizations intend to build AI/ ML solutions from the ground up, with just 9% opting for off-the-shelf solutions. The research indicates that demand has been fuelled by the trend towards AI/ML maturity - 83% of Middle Eastern IT leaders are actively seeking to hire people with AI and ML expertise. Simon Bennett, CTO, EMEA at Rackspace Technology, commented, “many organizations are moving into the next stage of maturity for their AI and ML implementations to drive real return on investment, and we are seeing this reflected in the more prominent role AI plays in business and IT strategies. But

FEBRUARY 2022

this shift means that the use of AI is no longer a competitive advantage. The lack of investment in AI has become a significant competitive disadvantage. The following are the key observations in the research: • More than one-quarter of organizations (13%) report a lack of skills as having created challenges for exploiting the results of AI and ML programs. IT leaders need further upskilling for team members in AI and ML programming and software design (44%), ML (40%), data quality analysis (46%), and data governance and security expertise (44%). • The majority (68%) of IT leaders report that AI and ML are now part of their current business strategy, with the majority of companies (71%) reporting having realized substantial benefits from AI and ML to their operations. Those that have implemented it report a positive impact on revenue (77%), the ability to reduce expenses (68%), www.VARonline.com

brand reputation (73%), and brand awareness (74%). • Organizations are now moving into a stage where they are optimizing and scaling their AI and ML models with (35%) or moving from proof of concepts and pilots to formalize the solution in production (27%). To further realize the technology’s potential, IT leaders are investing a greater proportion of their IT budgets in AI and ML programs. 90% of Middle East organizations are dedicating more than 6% of their annual IT budget to these initiatives in 2022 – a 32 percentage point increase on those that committed that proportion of their budget in 2021. Rackspace Technology is a leading end-to-end multi-cloud technology services company. It designs, builds, and operates customers’ cloud environments across all major technology platforms, irrespective of technology stack or deployment model.

BRILLIANT OPTICS. POWERFUL AUDIO. ALL-IN-ONE AMAZING DESIGN. Introducing Logitech Rally Bar

The Integrator

Articles inside

Active Resistance Against Cyberattacks

High-Performing Cybersecurity Mesh Platform to Protect Enterprise Assets