VISIT US AT: HALL SA, STAND B10
The new
Come see the new look and feel of our best selling Access Control Solution!
Learn about our Award Winning Access Control Solutions including our New Bluetooth & NFC Readers!
Experience the New VMS solution seamlessly integrated into all RBH access control software!
WWW.RBH-ACCESS.COM
A Promising Year Ahead Firstly, wishing you all a Very Happy New Year! We are pleased to open our year with a strong presence at Intersec 2019 regarded as the biggest exhibition in the region focused on security and safety A well compiled cover story “future of security” brings to you detailed brief on challenges faced by organizations today to tackle issues of cyber security. Also, how the explosive growth of digitalization is making security solutions equally innovative to keep pace with changing landscapes. Smart homes, smart cars, smart wearables, and smart everything are becoming a way of life. Security needs to be equally smart to address vulnerability challenges faced by all these smart devices and systems. More and more data with current estimates of 20% is stored on cloud so it’s of paramount importance that the security level manages and responds to all threats that arise. The focus on trends in our coverage on “future of security” will provide important cues SI’s & VAR’s to orient their services inline with forthcoming trends and presents a great business opportunity for growth in times ahead. As we look ahead to 2019 upward trends, we have created a calendar of events focused on Training, addressing vertical topics and Engagement of brands, SI’s with the SME customers over a full year activity. Also overseas events are planned to further provide opportunity to the channel to expand its geographic footprint and consolidate business Wishing you all a very successful and fruitful 2019. As leaders in ICT communication, we address 40,000+ contact channel base across MEA we are very committed to providing all relevant information which fuels your business and growth. Warm Regards
Vivek Sharma Managing Editor
Managing Editor: Vivek Sharma
ontents
Dear Readers
Cover Story
Future Of Security – 10
News Bytes
Dahua Technology Sets To Launch The “Heart of City” Strategy at the Intersec 2019 – 5
SonicWall Boosts EMEA Presence – 8
Interview - DTS
Automation is Key in the Enterprise Security Segment – 15
News in Detail
Insight Venture Partners Invests $500 Million In Veeam – 16 Help AG Launches ‘Hackademy’ – 19
Insight
The Road Ahead for Cybersecurity in 2019 – 26
TechKnow
Protection From Scam Apps – 30
Published by: JNS Media International MFZE
Content Lead & Business Development-
P.O Box 121075, Dubai UAE, Tel: +971-4-3705022 Fax: +971-4-3706639, website: www.VARonline.com Sales Inquiries: sales@var-mea.com All other Inquiries: info@var-mea.com | Editorial: editor@var-mea.com
Christopher David
Disclaimer: While the publishers have made every attempt possible to get accurate information on published content in this handbook they cannot be held liable for any errors herein.
Art Director: Faiz Ahmed Commercial Director - Mallika Rego
News Bytes
Axis Communications to Showcase Innovative Solutions at Intersec 2019 Axis Communications will showcase the many dimensions of its products, solutions, and services across retail, critical infrastructure, and smart cities at the 21st edition of Intersec from 20th–22nd January 2019. Philippe Kubbinga, Regional Director - Middle East & Africa, Axis Communications, said, “We have stayed at the forefront by constantly challenging the status quo and investing in our people and our partners. As we move into another year, we have an ever-increasing demand for smart products, solutions and services. We have continued to add new dimensions in our offerings across retail, critical infrastructure and are also seeing a positive trend in smart cities. At Intersec 2019, we look forward to an in-depth conversation with our ecosystem on the future of security and surveillance, and its constantly adapting landscape and application.” Martin Gren, Co-Founder of Axis Communications, will be a key speaker at the Intersec Future Security Summit on 20th January 2019 where he will discuss 'Future of global security industry: security end points viewed as a mode of connection, not an intrusion'.
4 | January 2019
Kaspersky Lab Uncovers Third Windows Zero-day Exploit in Three Months Kaspersky Lab technologies have detected a new exploited vulnerability in the Microsoft Windows OS kernel. The latest exploited vulnerability (CVE-20188611) was found in malware targeting a small number of victims in the Middle East and Asia. Because the vulnerability exists in the kernel mode module of the operating system, the exploit is particularly dangerous and can be used to bypass built-in exploit mitigation mechanisms in modern web browsers, including Chrome and Edge. The vulnerability has been reported to Microsoft, which has released a patch. The latest exploit, found used in-the-wild targeting victims in the Middle East and Africa, is believed to have been exploited by multiple threat actors, including a new advanced persistent threat (APT) called Sandcat. “The detection of three kernel mode zero-days within a few months is evidence that our products use the best technologies, which are capable of detecting such sophisticated threats. For organizations, it is important to understand that to protect their perimeter they should use a combined solution, like endpoint protection with an advanced threat detection platform,” said Anton.
Raqmiyat and eMudhra to Bring Paperless Office Solutions to UAE Raqmiyat has announced that it is now an authorized reseller of eMudhra products and services—including paperless and digital office solutions—for the UAE region. Raqmiyat sees this partnership as a strategic engagement that will enable its customers to adopt sophisticated Identity Management, Paperless Office, and PKI solutions to empower their organizations. Commenting on this partnership, Amer Khreino, Chief Executive Officer, Raqmiyat, said, “Our partnership with eMudhra will empower our customers, enabling them to secure their business, as they move towards the digital transformation arena. Secure e-signatures and digital signatures, two- and multi-factor authentication, SSO, digital ID, and paperless office are amongst eMudhra’s leading technologies that will benefit our customers.” Arvind Srinivasan, Head Global Markets, eMudhra, said “Solutions aimed at addressing secure digital transformation are the need of the hour in the Middle East region, and specifically, UAE. Raqmiyat has been a strong, long-lasting player in the market focused on making digital transformation easy for many firms in the region. We are glad to partner with Raqmiyat and are highly confident in the success that will result from a combination of their expertise and our solution stack.”
Dahua Technology Sets To Launch The “Heart of City” Strategy at the Intersec 2019 Dahua Technology, a well-known video-centric smart IoT solution and service provider, will be launching “Dahua Heart of City (HOC)” New Smart City Framework to the overseas markets, this Intersec exhibition at the World Trade Centre in Dubai. First released in Security China 2018, “Dahua Heart of City (HOC)” is a smart city development engine supported by Full Sensing, Full Intelligence, Full Computing, and Full Ecosystem (4 Full) As the engine of cities and industry, Dahua HOC will act as a heart that is capable of sensing a city’s pulse and data, while driving healthy city development. General Manager of Dahua Technology Middle East FZE, Xin Chen, will launch the new strategy during a seminar at one of the world’s leading trade fair for safety, security and fire protection. There will be a full presentation on HOC and a Q&A session, followed by a talk on New Technology Sharing, and Project Experience Sharing. “We are pleased to introduce HOC to the overseas markets, and to explore what smart city standardization has brought to urban construction, as well as the significance of artificial intelligence in the making of smart cities,” says Chen. Dahua Technology has set out with the big picture in mind, redefining a new start by releasing its “Dahua Heart of City (HOC)” strategy. The strategy gathers together the company’s strong technological innovations, top-level security network architecture, and operation services capabilities, while forming end-to-end solutions with supporting technologies such as artificial intelligence, deep learning, IoT, within all areas of smart city operations enabling them to become smarter, and satisfying a city life that calls for high quality. Since Security China 2018, Dahua Technology have already brought dozens of new technologies, products, and solutions to the industry which completely support the realization of Dahua HOC. Building sensing systems around real-life customer scenarios and using multispectral imaging technology to achieve full-scene distribution analysis of crowds and traffic density, and capturing details for facial feature and behavior analysis at ultra-long distances.
No More Ransom Announces ESET as a New Partner No More Ransom—an international initiative between Europol, the Dutch National Police, and major cybersecurity organizations to fight ransomware—has announced ESET as its latest partner. This collaborative project helps victims of ransomware attacks recover their personal data and has so far managed to decrypt the infected computers of 72,000 victims worldwide. With its 130 partners, the No More Ransom online portal hosts a collection of 59 free decryption tools from multiple security software vendors, covering 91 ransomware families. Users from around the world can recover data held hostage by
Evanssion Partners with Bitglass for Real-Time Cloud Security
ransomware attacks by accessing the
Evanssion has signed a distribution agreement with Bitglass to offer a complete NextGen CASB solution in the MENA region. The solution will allow customers to deal with zero-day security across any app and device— managed or unmanaged. “The adoption of cloud services in the region will increase exponentially in the next 24 months,” said Sheik Abideen, Vice President, Evanssion. “Most large enterprises are not fully prepared to address data security challenges arising out of this transition. Customers must to go beyond their perimeter to discover, manage and protect the corporate data residing in various cloud environments. Bitglass provides a single platform to address these challenges and help customers to fast-track their adoption of cloud services.” “We are excited to partner with Evanssion to expand the reach of Bitglass’ market-leading CASB solution,” said Rich Campagna, CMO of Bitglass. “Evanssion has a specialized team of professionals who understand organization’s need for cloud access security to cater to their transition to cloud-based services. We rely on their expertise to help us accelerate our market growth, penetrate new industry verticals, and help us crack new business opportunities.”
tools have so far kept around USD 22
available tools for free. Launched in 2016, No More Ransom decryption million out of the pockets of cyber criminals. ESET, on its part, has been helping ransomware victims recover encrypted data, and its decryption tools having been downloaded over 250,000 times. Now two of these tools will be available to a wider audience through the free, centralized and user-friendly platform of No More Ransom.
January 2019 | 5
News Bytes
The Year of Digital Transformation in the Data Center Digital transformation in the data center is not just a buzzword today as there are real benefits to be gained from embracing the migration from manual, analog information systems to automated digital ones. Ehab Kanary, vice president of Enterprise, Middle East and Africa, CommScope, says, “There will be more demand for digital transformation initiatives than ever before in 2019 because CEOs are finally realizing that for their companies to stay relevant, their businesses need to transform.” The five technologies that CommScope thinks will impact the data centers in 2019 include: 5G Wireless: As we move toward the Internet of Everything, the final link between devices and the network is likely to be wireless. Mobile workforces and even employees at the office will use 5G services to rely even more heavily on their phones and other portable devices. IoT: The MicroMarket predicts the UAE’s IoT market will more than triple, reaching $ 35 billion (Dh126 tn) in 2019. As companies deploy wired and wireless sensors that produce large amounts of raw data, this data is turned into useful information providing value for the user. VR/AR: This year will see higherspeed 5G networks designed to support AR/VR traffic with a greatly enhanced capability to support data generated at the end user device. Blockchain: Because blockchain can and is being used for anything that requires a permanent, secure, and verifiable record for a decentralized access, this technology will be increasingly adopted in 2019. AI: In the UAE, Artificial intelligence (AI) is expected to boost economic growth by 1.6 per cent, adding $182 billion (Dh 667,94 tn) to the national ec economy by 2035.
6 | January 2019
Smart City Services at Silicon Park On Course for Completion
du, from Emirates Integrated Telecommunications Company (EITC), has announced its partnership with Orange Business Services to deliver a complete range of smart city services for Silicon Park. Farid Faraidooni, Deputy CEO, ICT Solutions, EITC said, “Silicon Park is among the most eagerly-anticipated smart living projects in the Middle East region and once delivered, it will act as a significant milestone in realising the vision of Smart Dubai.” Luc Serviant, Vice President - Middle East & Africa, Orange Business Services, said, “Our partnership with du combines our global expertise with local insights and experience to contribute to the development of Silicon Park that is set to become Dubai’s first smart city.” Engineer Muammar Al Katheeri, Executive Vice President of Engineering and Smart City at Dubai Silicon Oasis Authority, said, “Comprising state-of-the-art infrastructure and amenities, Silicon Park is set to provide 60 smart services with an investment of AED 100 million, in line with the vision of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, to transform Dubai into the smartest and happiest city in the world.”
Avaya Announces Enhancements to Its Avaya Desktop Experience Avaya Holdings Corp. has announced enhancements to its Avaya Desktop Experience portfolio of smart business devices, including a new line of professional-grade communication headsets, expanded Broadsoft UC feature support, enhancements to its Essential Experience J100 Series, and the availability of Device Enrollment Service 2.0. Building on the November 2018 expansion of its Open SIP smart devices portfolio, Avaya has significantly increased the ability of the Essential Experience J100 Series of smart business desktop devices to support Broadsoft UC features, enabling UCaaS service providers to add Avaya Open SIP to their UCaaS offerings on a broad scale. "Avaya continues to make significant strides in revolutionizing the desktop space and advancing the Open SIP market,” said Ard Verboon, General Manager of the Devices portfolio, Avaya. “With the availability of support for Broadsoft advanced features combined with the large breadth of the Avaya Desktop Experience portfolio, Avaya is now a one-stop shop for any smart device that a company may need, and UCaaS providers can now look to Avaya to meet their smart devices needs–from the professional desktop, to campus mobility, to personal and room conferencing, to headsets–as well as industry vertical solutions.”
News Bytes
SonicWall Boosts EMEA Presence SonicWall has announced record yearon-year growth in the EMEA region with key EMEA milestones including the opening of three new offices in Basingstoke (UK) Barcelona (Spain), and Dubai (UAE), as well as strategic new hires to drive additional regional growth. The three new office locations provide SonicWall with improved access to local channel partners, ensuring customers across EMEA to SonicWall’s channel presence. The success of SonicWall’s EMEA business was boosted by the new enterprise services announced during Q4 2018, which include zero-touch and Cloud deployment of SonicWall next generation firewalls, as well as secure SD-WAN which is delivered alongside SonicWall’s firewall protection. Michael Berg, Executive Director Sales EMEA, SonicWall, commented, “Our boosted presence across EMEA is part of a long-term plan, and proof of our determination and commitment to strengthen SonicWall’s value proposition among our valued customers and partners within this exciting and rewarding market. By ensuring our channel expertise is always within easy reach and that we are committed to speaking local languages, we are better placed to understand and respond in a valuable way to our customers’ individual cybersecurity challenges.” SonicWall has also announced strategic new hires to lead its enterprise sales, DACH, and UK sales teams. These include Michael Struss who will head the DACH enterprise team, Jan Patrick Schlögell will lead the DACH channel team, Helen Jackson has been inducted as the Regional Sales Director for the UK, Fabrizio Corradini as Strategic Partner Manager for Southern Europe, and Luc Eeckelaert and Mario Pucciarelli as Strategic Partner Managers.
8 | January 2019
FireEye Updates Email Security In response to the changing cyber threat landscape, FireEye, an intelligence-led security company, has announced a number of new defenses in its Email Security – Server Edition. “FireEye continues to keep pace with the most sophisticated attackers,” said Ken Bagnall, vice president of email security at FireEye. “With our knowledge, we build new techniques for detecting attacks and attempts to bypass defenses. The speed and flexibility with which an email security solution adapts separates the good from the best. FireEye Email Security – Server Edition continues to detect an average of over 14,000 malicious emails per customer per month that get past other email security services.” The latest FireEye Email Threat Report says that 19% of all malware-less attacks took the form of business email compromise through executive impersonation in the first half of 2018. Impersonation attacks continue to be significant because adversaries are finding that people will often react to an email when it appears to be from an executive. “While executive impersonation protection has become a commonplace feature within cloud-based email security solutions, this has not been the case on-premises,” said Bagnall. “We’ve added executive impersonation protection to FireEye Email Security – Server Edition as a direct response of customer feedback.” The latest updates also include several other new features designed to combat emerging threat vectors while enhancing performance. These include attachment detonation customization (guest images) to enable administrators to create a guest image which can ‘fool’ the file into executing, full URL rewrite to protect end users from malicious links by rewriting all URLs contained in an email, the Multi-Vector Virtual Execution (MVX) engine to analyze the related password-protected files, and machine learning engine MalwareGuard to defend against emerging and new threats that often bypass traditional security solutions.
Infor Announces $1.5 Billion Investment Ahead of Potential IPO Infor announces an agreement to receive a $1.5 billion investment from shareholders Koch Equity Development, LLC (KED) and Golden Gate Capital. This investment builds on KED’s investment of more than $2 billion in early 2017, and it represents an important milestone as Infor considers a potential IPO in 2019 or 2020, subject to market conditions. "Koch and Golden Gate Capital have been phenomenal partners for Infor, and all of our 17,300 employees are excited about this milestone as we prepare for the next stage of growth," said Charles Phillips, CEO of Infor. Under Phillips' leadership, and over the course of Infor’s partnership with KED and Golden Gate Capital, Infor has invested approximately $2.5 billion in product design and development over the last five years and delivered more than 475 new products, 1,870 integrations, and 20,700 industry features in its CloudSuite product line. Infor CloudSuite is now the only fully multi-tenant ERP suite spanning front and back office applications, as well as logistics with global support (in terms of languages, currencies, and localizations).
Pulse Secure is THE market leader in providing Secure Access Solutions for people, devices, things and services. We’re 100% focussed on boosting workers’ productivity in a secure way. We make your company move smoothly and securely to the Cloud while your networks are protected without a burdon on IT. Contact us today for a free trial via www.pulsesecure.net/trynow www.pulsesecure.net infoemea@pulsesecure.net
Cover Story | Future of Security
THE FUTURE OF
SECURITY It will be technology versus technology, as innovations at both the ends—constructive and destructive—will shape the future of security
10 | January 2019
I
nnovations in technology have disrupted the way we live as a society or transact business. However, they have also opened up larger surfaces for attacks. Cyber criminals have become strategic in approach and have the capability to launch targeted attacks using sophisticated tools and techniques. Recent spate in the incidences of data breach are a testimony to the technical prowess that cyber criminals possess. Physical security of premises and assets is also at threat from bad actors that act out of malicious intent. And to make matters worse, today's security metrics are woefully lacking in the ability to fully capture these changes and their dynamics. As a result, organizations and consumers alike, are much more vulnerable to evolving security threats—
for concealment, and so forth are also on the rise. These complex attacks are often used for unauthorized access to sensitive or business-critical information which can then be used for financial crimes.
The Future of Security In view of rapid digitalization and a dynamic business landscape, rife with multiple, complex cyber threats, enterprise security has become a boardroom agenda and oranizations are spending more to strengthen they defenses. According to Gartner, organizations in the Middle East and North Africa (MENA) will likely spend about US$1.9 billion in 2019—an increase of about 10% over 2018—on enterprise information security technology and services. On the technology front, security
Smart homes, smart cars, smart wearables, and smart everything are highly vulnerable to viruses and malware attacks that can even lead to physical harm both cyber and physical—than they probably ever were.
Attacks are Becoming Complex Today's digital businesses are generating large amounts of data, which also often includes personal details of their customers. Most of this data either resides in the cloud or is stored on storage devices. Therefore, there is always a lurking fear of unauthorised access to or theft of storage devices that can lead to losses both to businesses and their customers. Advanced Persistent Threats (APTs) that use sophisticated techniques such as spear-phishing messages, network propagation mechanisms, spyware, tools
providers are continuously innovating and leveraging latest technologies to enable organizations to meet their evolving security needs—both current and future. We look at some of the areas that will see increased security threats as well as security innovations that will help organizations fight these evolving threats:
IoT Security With Gartner predicting the number of IoT devices to reach 21 billion by 2021, the IoT security landscape will undergo a radical change. A number of buildings and construction projects boast of 24/7 WiFi connectivity, smart devices, and voice assistants in order to attract prospective buyers. However, smart homes, smart cars,
smart wearables, and smart everything are highly vulnerable to viruses and malware attacks that can even lead to physical harm. There have already been incidents of ransom attacks on IoT devices, which are expected to become larger in the future. According to McAfee Labs 2019 Threats Predictions Report, digital assistants will become the next vector for home IoT attacks. It has also been observed that cyber criminals leverage loopholes in the connected devices to orchestrate complex cyber attacks that can put the entire smart ecosystem—smart homes included—to risk. Although adoption of IoT devices is rapidly increasing, IoT security has a lot of catching up to do. McAfee predicts an increase in compromises on identity platforms and IoT edge devices in 2019 due to the adoption of smart cities and increased ICS (industrial control systems) activity. Therefore, manufacturers, providers, and governments globally, will come together for a concerted effort to effectively address the security threat posed by IoT devices. Also, since IoT-enabled devices are automatically interconnected through sensors, they will need innovative forms of authentication and better behaviour analysis in order to mitigate threats of the future. This is where technologies such as artificial intelligence (AI) and machine learning will step in and power the defense mechanisms of the future. It is expected that in the next ten years, AI and ML will play an instrumental role in detecting attack vectors as well as unearthing hidden patterns in IoT communication protocols, especially in endpoint security monitoring and analytics. In addition, manufacturers will release patches to update devices (much like software patches) and vendors will adopt standardized practices in encryption and device authentication.
Cognitive Security Security is a continuous process of plugging in vulnerabilities through access controls, and then monitoring these controls for efficiency so that additional rules and January 2019 | 11
Cover Story | Future of Security
policy enhancements can be implemented, as required. Almost all organizations follow this approach for their security practices. But, this framework may not scale, given that today's businesses are much more vulnerable to numerous and complex threat types. Cognitive security, with its ability to continuously learn, conduct assessment of the subject, and develop a hypothesis, goes beyond simple behavioral analysis. In future, it will provide insights that are otherwise extremely subtle and beyond human comprehension. This will enable security analysts to update rules and quickly adapt in accordance with the
future. In fact, BYOD is not just restricted to a device, as people have started to bring in whatever they need for better productivity. This means the attack surface has increased manifold and cyber criminals have greater avenues to reach cloud services that are accessed by remote team environments through wireless and mobile networks. A compromise of this environment will not only result in access disruption but will also give rise to shadow IT and put overall security architecture at a heightened risk. Keeping in view the need for alwayson access to employees, contractors, and customers—whether onsite or remotely
will be widely used. Blockchain-based digital identity systems will come into play with its four-factor authorization that will replace simple user ID and password needed to access a device.
Cloud Security Organizations in Middle East and Africa will witness the world's highest cloud traffic growth rate of 41% by 2019, says Cisco’s Global Cloud Index forecast. However, McAfee Cloud Adoption and Risk Report has found that 21% of data in the cloud—such as intellectual property, customer, and personal data—is sensitive. As a result, cloud security will be critical for businesses
The security systems of the future will become more evolved with access control, video surveillance, and intrusion detection all merged into one
changing threat landscape. Since insights will be delivered in real time, it will save time to remediation and make security truly future-ready. Although still in its development stage, cognitive computing technology is evolving rapidly and bringing real value to early adopters.
Mobility Considering an increasingly mobile workforce and the rising trends of BYOD (bring your own device), hosted desktop, and hot-desking, securing the workplace will become even more important in the
12 | January 2019
located— regardless of the choice of location or device, organizations will adopt solutions that provide context-aware authorization which is aligned to the overall access control policy. Organizations will fortify their network security with core next-generation firewall services, deep packet inspection of encrypted traffic (DPI-SSL), and cloud-based multi-engine sandboxing. For wireless networks, the 802.11ac Wave 2 wireless technology will be used to secure both indoor and outdoor environments. For mobile networks, multifactor authentication and endpoint control
in the MEA region. Heightened security threats to the cloud have already rung alarm bells and given rise to the need for better monitoring and complete visibility of the traffic traversing through the cloud or data center network. Organizations, going forward, will need to reduce the attack surface as much as possible by controlling unauthorised access. Organizations will need solutions that allow them to not only protect cloud workloads, but also prevent data leakage. Automated cloud scrubbing solutions, powered by advanced technologies
such as machine learning, will empower organizations with faster mitigation capabilities at lower operating costs. Owing to the granularity provided by these solutions at scale, organizations will be able to accurately profile and monitor thousands of servers and services on innumerable distributed networks, while enabling multiple simultaneous attack mitigations. In addition, a lot of effort is being made to build a secure and flexible computing environment that will not only secure the cloud but also support multiple workload environments such as onsite, cloud, remote desktop, IoT and others. This approach will help organizations focus on protecting and controlling access to data throughout its life, rather than just securing capabilities of a single device.
Hardware-enabled Security When cyber threats permeate through multiple computing stacks—from software to hardware—software solutions protecting software may well prove outdated. Therefore, to ensure security of the entire computing stack including hardware, firmware, operating systems, applications, networking, and the cloud, organizations will look towards hardware-enabled security solutions. Hardware assisted technologies will enable organizations to proactively detect advanced cyber threats and improve privacy, scalability, and trust in blockchain solutions.
Safeguarding the House: Internal Security With increasing mobility, and access to enterprise resources through multiple device types such as laptops, tablets, smartphones, and so forth, employees will become a much bigger internal security threat. The Cisco Visual Networking Index (VNI) Global Mobile Data Traffic Forecast (2016 to 2021), predicts that by 2021, a larger section of global population will use mobile phones (5.5 billion) more than their bank accounts (5.4 billion). Organizations will, therefore, need better gatekeeping mechanisms to fight these internal threats. There will also be a
paradigm shift in the way organizations approach enterprise security. In future, enterprise security will focus more on control of internal and external threats rather than damage control. The outlook will shift from attack-centric approach to a more people-centric approach. What this means is that it will be the people, interacting with enterprise IT resources, who will spot and control anomalous behaviors before these threats can snowball into something disastrous. That will require a fine balance between security and usability of the frameworks such that data and applications are adequately protected while users can also seamlessly access enterprise resources, regardless of the location or device. This is critical because user experience fraught with friction can adversely impact the overall security posture of an enterprise. As a result, in future, we can expect a greater thrust on training and culturesensitization to empower the first line of defense—the people on the floor. Organizations will make a greater effort to spread awareness about security practices through mock drills and sensitization on the basic hygiene of cybersecurity policies such as not opening attachments or links that come from unknown sources.
Is Cyber Security Enough? However, can organizations rest assured by fortifying cyber security alone? No. Because, for an all-round security, there are other security aspects as well that businesses need to consider. For instance, what about unauthorised people with malicious intent entering the premises? They can pose a risk to business assets as well as employees. What about fire safety mechanisms? If left unchecked, this security lapse can result in massive losses in terms of assets and/ or people. Therefore, organizations need a holistic security approach in order to ensure a 360-degree security.
Commercial Security Systems Commercial security systems are proving effective in bolstering security
Watch out for some of the top trends in the future of security as mentioned below: • A network of hi-tech, satellite and video networked electronic surveillance called Smart Watchers, will become omnipresent. • Wireless authentication of an individual will be done through National Identity Cards that will have embedded chips and contain the entire genomic profile of the individual apart from information from government, transportation, banking, telecom and other such networks. • Individuals will undergo biometric (fingerprint, face, eye, genome) authentication to enter electronic networks or physical areas. • Bio-rective nano chips—the size of pinprick—along with embedded secure wearables, and GPS will help track and recover from incidents of theft or kidnapping. • There will be an increased need for DEPS (digitally engineered personalities) or personal sensors in the global telecom Internet network that can provide 24/7 follow-you-anywhere security to an individual/enterprise/ government • Attacks against economies and enterprises, also known as Economic Information Warfare (EIW), will become a big global threat.
January 2019 | 13
Cover Story | Future of Security
of the premises and business assets. Organizations have come to realize that deploying commercial security systems such as surveillance cameras and alarms are no longer a wasteful expenditure, but an integral component of their overall security framework. There are numerous benefits that commercial security systems bring to organizations. For instance, deployment of surveillance cameras enables organizations to successfully turn down false claims from customers and/or employees for injuries or damages in the premises. These cameras also help reduce incidents of theft, especially for businesses that involve a lot of interaction with external public, such as retail, banking, healthcare, and so forth. Installation of security systems such as surveillance cameras and alarm systems act as deterrent for miscreants, as finding the culprit becomes much easier. Unauthorised access to restricted areas is also curbed. In case of emergencies such as fire, automatic fire alarms alert the employees, thereby saving precious lives. Often, insurance companies also offer better and cheaper insurance plans when they learn that an organization has installed a security system Apart from surveillance cameras, there are a number of automated security systems such as access control devices, alarms, safety phones, and hi-tech entry systems. Doorbell cameras, automatic door locks, and mobile integration for security are some of the security measures that are commonplace today. However, continuous advancements in technology are making commercial surveillance solutions smarter and user-friendly. For instance, technological innovations have enabled evolution of surveillance cameras. CCTV cameras, that once produced blurred images, have evolved into intelligent devices—high-end IP cameras—that offer high-definition videos and can also be integrated with analytical software for quick insights.
14 | January 2019
Smart Surveillance Cameras of the Future There are a number of innovations lined up in the commercial security systems space that will transform this segment. The security systems of the future will become more evolved with access control, video surveillance, and intrusion detection all merged into one. The advanced surveillance cameras will provide a 360-degree view of the premises, help detect and recognize faces, read number plates of vehicles, and come enabled with night vision in order to detect and prevent suspicious activities. Security cameras of tomorrow will not need cabling, as they will be solar-powered and connected to the wireless systems. This will make these surveillance cameras cheaper, leading to wider acceptance and use. The next-gen security cameras will also become more user-friendly, as they will seamlessly integrate with smartphones and enable supervisors to monitor the premises remotely. Video monitoring systems of the future will transmit data such as temperature, sound, and movement such that the property can be monitored and authorities be alerted should the need
Manufacturers, providers, and governments globally will come together for a concerted effort to effectively address the security threat posed by IoT devices
be. And it's not just mute monitoring, as surveillance cameras of the future will enable two-way talk to enable people to talk to each other. Also, going forward, surveillance cameras will support voice commands, thereby allowing for complete hands-free management of these systems.
Smart Alarms Smart alarm systems of the future will be integrated with the lighting systems such that in case an intruder tries to break in, all the lights will go on and off incessantly. Smart alarms will be able to alert authorities, in addition to the people present in the premises, in case of break-ins or fire. Intelligent doorbells, connected via WiFi, will allow users to remotely speak to visitors even when no one is present at the property. Using biometrics, efforts are on to develop smart alarm systems that disarm when they recognize a legitmate user and even open the door from the inside.
Conclusion Technological advancements and innovations are happening everywhere. What was only a part of sci-fi movies a couple of decades ago, is a reality already. Internet of Things, big data, artificial intelligence, machine learning, blockchain, robotics, social media, and host of other technologies have completely transformed human life. However, in the process, these technologies have also become a vector for greater threat to businesses and humans alike. To find and respond at speed and scale to the threats that are becoming more sophisticated and complex, organizations will integrate all security elements into their security fabrics. Organizations will automate all the security elements with advanced threat intelligence to shrink the time-to-detection and quick remediation. Therefore, organizations will proactively build resilience to the evolving security threats with efficient data protection, access control, and secured premises in order to safeguard their businesses holistically. In the end, it will be technology—complete with all its innovations—that will provide the required solutions and help shape the future of security.
Interview | DTS Solution
Automation is Key in the Enterprise Security Segment to optimize access to genuine users? Secure remote access has been around for many years with services such as SSL VPN and published services where remote users can access internal resources in a secure manner, when combined with Multi-Factor Authentication and Device Level Authorization provides the strongest level of security. You then introduce additional challenges by enabling mobile workforces – what happens if an employee’s device whether it is a smart phone which has corporate emails or a corporate laptop which has sensitive financial results is either lost or stolen. Device encryption, mobile device management and remote wiping abilities all then come into place. Mobile workforce presents major security challenges but support agility in business; having said it is certainly possible to secure this in the right manner.
Shah H. Sheikh Sr. Cybersecurity Consultant & Advisor/Co-founder DTS Solution
What are the major security concerns for any business? There are a few major security concerns on any business, most notable are how secure is my environment from being breached or hacked, how resilience are my systems to quickly recover if in the unfortunate event a breach does materialize, how do I know if my systems are fully protected and the controls in place are effective whether they are people, process or technology related. Major concerns that are trending right now are data security and how much data stored within an enterprise is of value, critical nature and requires protection for regulatory requirements. Cloud security management and what level of effectiveness and visibility can be achieved when cloud services are adopted to list a few. With increasingly mobile workforces, what can businesses do
What must businesses do to ensure enterprise-scale security management? For us this is about being simple, effective and building maturity that is measurable on a cyclic basis. To have effective security management you need to run security like clockwork that is a well drilled machine, security processes that are embedded into critical business processes, sound security culture, strong technology practices, skilled resources and of course good ecosystem of trusted 3rd parties that you can work. All of that is wrapped around well-defined security policies, procedures and processes. To measure effectiveness KPI’s for security must be defined and measured across the various domains, understand your level of security maturity and benchmark yourself against others to understand if you threat footprints is in line with your investment in security. What innovations do you foresee in the enterprise security segment? Innovations in cyber security are clearly around the use of machine learning and potentially artificial intelligence. Automation is key and this can be achieved with security related tasks, building consistent security topologies, network security architecture, pre-hardened systems when spinning up virtual machines, applications that are secured by spinning up docker apps which are already security vetted are all tasks that can be automated and we see secure-by-design through automation as a key innovation that will be realized in the coming year or so. Coupled that with advance machine learning techniques to detect hacker profiles, threat attributes and exploit attempts will overall improve both containment and detection capabilities. There are use cases for using blockchain in cybersecurity such as Anti-Spam and Threat Intelligence but they are yet to be proven for mass deployment and be advanced than current offerings. January 2019 | 15
News In Detail
Insight Venture Partners Invests $500 Million In Veeam Veeam Software, announced that Insight Venture Partners has invested $500 million with strong participation from strategic investor Canada Pension Plan Investment Board (CPPIB) to accelerate the next phase of Veeam’s growth as the No.1 provider of Data Management solutions for the public and private cloud. Veeam will leverage Insight Venture Partners’ internal business strategy arm, Insight Onsite, and capital to accelerate its expansion through both organic growth and M&A activities. Veeam is one of the largest privately held software companies in the world, with approximately $1 billion in sales and more than 325,000 customers, adding 50,000 new customers every year. Veeam has been growing organically over the last 12 years in a rapidly expanding cloud data management market that enterprises annually spend an estimated $30 billion to address. “We have a long-standing relationship with Jeff Horing and Michael Triplett from Insight Venture Partners, having worked with them since 2002 when Insight invested in our first company, Aelita Software,” said Ratmir Timashev, Co-Founder and Executive Vice President (EVP), Sales and Marketing, at Veeam. “Back then, we relied on Insight to provide strategic counsel and support, and after we sold that company to Quest Software in 2004, we continued our relationship. Over the years, Insight has been a trusted advisor to Bill Largent, Andrei Baronov and me, even acquiring a minority share in Veeam back in 2013. Today, Veeam is doing excellent in the data management space, with more than 325,000 customers, 60,000 partners, 82 percent of the Fortune 500 relying on our solutions, with Insight and CPPIB’s, investment I know we will take this to the next level.” “Over the past decade, Veeam has established itself as the premier vendor for on-premises backup and recovery software, and for providing data management for public and private cloud environments. Only great companies like Amazon and Apple have been able to pivot into market leading positions in multiple markets, and Veeam now joins this elite group,” commented Michael Triplett, Managing Director at Insight Venture Partners, and member of the Board of Directors at Veeam. “Veeam has unparalleled leadership in terms of technology, vision and go-tomarket strategies and Insight is thrilled to continue this journey with Veeam’s management.” Insight Venture Partners’ investment validates the vision and direction laid out by Veeam’s executive leadership team - to
16 | January 2019
be the most trusted provider of Backup solutions that enable Intelligent Data Management, and, through the Veeam Availability Platform, deliver Agility, Availability and Business Acceleration to customers across the globe. Leveraging Insight Venture Partners’ expertise, the investment will enable Veeam to accelerate its growth trajectory through both organic growth – i.e. portfolio innovation and expanding its geographical footprint – and via M&A activity which will drive Veeam’s expansion into adjacent markets. Pursuant to the terms of this investment Insight Venture Partners’ Managing Director, Michael Triplett, will join Veeam’s Board of Directors. Gordon R.Caplan, Co-Chairman of Willkie Farr & Gallagher LLP., served as advisor for the deal.
Interview | Camscan
Physical security and Cyber security are both crucial
What factors must businesses consider in choosing appropriate surveillance systems? There are various factors to be considered when choosing a surveillance system that fits their requirements best. To be specific, they need to consider the threats they faced, the risked they faced, the severity of each risk, and the likelihood of each risk occurring. It’s more about setting their requirements according to their specific needs. Abaas Mahroos Sales Manager - Middle East & North Africa Camscan
What must businesses do to ensure complete security? Any establishment is susceptible to threats on security, with businesses being at the top of the list. Thus, they need to ensure they have physical security and cyber security, and it should be both. Also, they must set requirements to both according to their needs. They must set specific requirements according to their security needs and the requirements should be math initially and maintained most importantly because with time, the systems can deteriorate and become outdated, therefore they need to always be serviced and maintained regularly in order to keep the reliability. Smart cities will need advanced surveillance mechanisms. How can that
be achieved? Keeping up with an ever-changing field like the Surveillance System industry is a huge challenge, that’s why it is a must for us to continuously improve and develop our range of products. It is essential for us to come up with solutions that equip more advanced functions, to be able to match up with the dynamic market, particularly smart cities. CAMSCAN has recently launched its latest innovation that supports Auto-Tracking, Early Warning function, equipped with an active pre-alarm, accurate tracking and smart deterrent. Moreover, deterrent is also important to smart cities and our newly launched PTZ has a warning system, audio and visual warning system, laser pointer to deter crime that can be controlled by security guard.
What advancements do you foresee in surveillance systems of the future? As I have mentioned the Surveillance System Industry is one that is quite aggressive when it comes to advancements. Further, Surveillance companies employing Artificial Intelligence (AI) algorithms are moving towards standardization. Artificial intelligence for video surveillance employs computer software programs that analyze the images from video surveillance camera in order to recognize humans, vehicles or objects where the software is programmed to define restricted areas within the camera's view (such as Tripwire, Double Tripwire, Perimeter/ Object Abandon, Object lost/running/ loitering/parking/crowd, Audio Abnormal Detection/Video Abnormal Detection) for a specific times of day for the property being protected by the camera surveillance. The AI sends an alert if it detects a trespasser breaking the "rule" set that no person is allowed in that area during that time of day. January 2019 | 17
News In Detail
Generation Z is Insecure, But Doesn't Seek Help
A
new Kaspersky Lab report has shown that Generation Z is the most anxious, with a majority of them admitting
their male counterparts. Chris Martin, CEO at The Mix said, “Across the world there
they are worried about something in their lives. However,
are global issues which all Gen Z citizens face but there is
most of them do not seek professional advice to help
still a stigma surrounding how they share their feelings and
them cope with it. In order to turn insecurity into security,
talking openly about mental health. Our new campaign will
Kaspersky Lab has joined forces with digital youth charity, The
help young people show others that they are not held back
Mix, to help young people from around the world embrace
by any of their insecurities and the often hostile atmosphere
their own insecurities, and show that they are not barriers to
of social media does not have to impact them.”
achieve happiness, through a new campaign #AndOwningIt.
Ilijana Vavan, Managing Director, Europe, at Kaspersky Lab
The report reveals that with their world dominated by
said: “We want to help young people around the globe turn
online news and social media, nearly half of Generation Z said
their insecurities into securities and overcome their real-life
they feel more anxious about their appearance than about
anxieties. This campaign is to help Generation Z realise they
their career prospects, money, terrorism, or being bullied. The
only create these barriers inside themselves and it’s in their
study also revealed that girls are more insecure than boys,
own hands to get past these insecurities and own them.”
as they feel much more anxious about their appearance than
18 | January 2019
Help AG Launches ‘Hackademy’ to Foster Ethical Hacking Skills in Middle East
D
ubai, United Arab Emirates- 15 January 2019: As the volume of cyber-attacks has escalated exponentially, spending on cybersecurity grew 8% in 2018 . Help AG, a leading cyber security services, consultancy and solutions provider in the Middle East, believes this is a positive and necessary development but warns that simply increasing security investment is not enough to mitigate new and sophisticated threats. To arm Middle East cybersecurity professionals with the skills and knowledge they need, the company today launched the Help AG Hackademy. This offensive ethical hacking hands-on training program is conducted by qualified L33T hackers and empowers attendees to perform attack simulations that uncover security vulnerabilities in their organisations’ IT environments. Mukhammad Khalilov, Manager Security Analysis at Help AG who heads the program said, “The best cybersecurity investments are guided by a keen understanding of the most critical security issues within the organization as these are the areas attackers are likely to exploit. Our hands-on training takes a deep dive into the many techniques and tools that attackers actually use in the real world. It therefore encourages attendees to ‘think like hackers’ and identify the areas that their organizations must first address to harden their security defences.” At its launch, the program comprises of five courses that cover several aspects of ethical hacking including internal and external penetration testing, assessment of web applications, simulating social engineering attacks, and executing advanced hacking
techniques such as buffer overflows and reverse engineering. The duration of each of these courses is either three or five days, at the end of which attendees are presented with a certificate of attendance, recognizing their successful completion of the training module. Held at Help AG’s regional headquarters in Dubai, each of the five courses will be conducted by qualified L33T hackers and will feature classroom style training with an emphasis on handson practice sessions. These trainings are specifically designed for both network and security teams and will be highly relevant to technical experts, software developers, SOC team members, network administrators, system administrators, web managers, auditors, and security professionals in general. The decision to launch the Hackademy follows the success of Help AG’s own penetration testing team which in the last year alone uncovered over 70 zero-day vulnerabilities in IT solutions and software from several industry-leading vendors. “We have seen how these efforts have contributed significantly to helping our clients strengthen their defences. With the Hackademy program, we’re now giving our customers an opportunity to empower their internal IT teams with the same skills and technical knowhow that we have gained through years of commitment to cybersecurity. This will enable them to regularly conduct simulated hacking exercises by themselves which will play a key role in mitigating risks they face from the constantly evolving threat landscape,” said Stephan Berner, CEO at Help AG. January 2019 | 19
News In Detail
A10 Networks Announces Advancements to its Application Delivery Solution
Prior generation ADCs lacked visibility and support for centralized management that bridge on-premise and cloud infrastructures with their diverse APIs and toolsets.
A
10 Networks has announced major advancements to its Thunder Application Delivery Controllers (ADCs) with harmony controller support for centralized, multicloud management, rich per-app analytics and DevOps tool integration. Numerous other enhancements have also been announced that allow integration with Kubernetes, enhanced Ansible Playbooks and simplified ADC policy configuration with expanded Application-Centric Template (ACT) support. Today, most organizations are striving to become more agile, as the role of IT and software becomes paramount. Fast roll-out, control and optimization of applications drive revenue, competitive advantage and customer satisfaction. Apps must be secured and quickly delivered regardless of where they reside. The new advancements in A10's ADCs will enable enterprises and service providers to efficiently deploy, manage, control and optimize secure application services across hybrid clouds.
20 | January 2019
Augmentations to A10’s Thunder ADC with Harmony Controller intelligent automation capabilities include centralized multi-cloud management, expanded L4-7 perapplication analytics across clouds, integration with DevOps tools, support for a secure portal, application-centric templates (ACTs), integration with private cloud orchestration tools, and ‘Nutanix Ready’ certifications for A10 vThunder and Harmony Controller on Nutanix’s Hyperconverged Infrastructure (HCI). “Prior generation ADCs lacked visibility and support for centralized management that bridge on-premise and cloud infrastructures with their diverse APIs and toolsets,” said Raj Jalan, CTO at A10. “Current processes are manual, inefficient and error prone and result in an inability to proactively and automatically modify infrastructure based on dynamic traffic profiles. A10 is addressing these challenges to improve agility for businesses of all types.”
Top IT Trends That Will Redefine Businesses in 2019
A
s new and emerging technologies continue to redefine IT and business, the pace of change and technological advancement is accelerating. MDS has announced the top
IT trends for 2019 as below: 1. Internet of Things: Although the adoption of IoT will be massive, it is still slow as the devices are not standardized. MDS is developing innovative IoT solutions to implement solutions like predictive maintenance instead of the traditional preventative maintenance model. 2. Artificial Intelligence: The use of AI technologies is now penetrating many aspects of business. Companies across Europe, Middle East and Africa are deploying AI technologies to revolutionize customer service as more and more consumers are showing an acceptance to AI-driven experiences. 3. Blockchain: Interest in blockchain technologies in the region is growing rapidly. The pace is being set by the government and public sector including education, healthcare, finance, distribution and services. The most popular blockchain use cases in the coming years will be cross-border payment and settlements, asset and goods management and identity management. 4. Multi-cloud: Enterprises in the region are now using multiple cloud solutions whether on-premises, public cloud, or a hybrid of both. In the coming years, upfront costs will become less important and AI and machine learning will be fundamental in increasing the levels of automation. 5. Big Data: With massive volumes of data being generated every second from connected devices, machines and IoT, Big Data is definitely a trend to watch out for. “Today, we are looking at a smarter, intelligent future driven by technologies such as cloud, artificial intelligence, blockchain, internet of things, and more. Regardless of the industry or enterprise, technology will play a part in transforming the
Today, we are looking at a smarter, intelligent future driven by technologies such as cloud, artificial intelligence, blockchain, internet of things, and more. Regardless of the industry or enterprise, technology will play a part in transforming the business.
business,” says Sami Abi Esber, President-MDS Gulf,
January 2019 | 21
News In Detail
Nutanix Enhances Channel Charter to Extend Opportunities for Global Systems Integrators and Distributors
N
utanix has announced that it is enhancing its channel charter, 'Power to the Partner', to extend opportunities to value-added distributors (VAD) and global systems integrators (GSI) along with additional opportunities for resellers. The new updates provide benefits to partners across industry, size and function in order for all Nutanix partners to succeed and grow with their Nutanix business. Nutanix had announced its brand new channel charter in August 2018 and now continuing with its mission, Nutanix has enhanced the program benefits for its existing resellers as well as extending these benefits to VADs and GSIs. Nutanix had recently also announced a partnership with Intel to allow GSIs and VADs to gain more autonomy and deliver their own branded hyperconverged infrastructure solutions. As part of the new components of the program, Nutanix has laid out features designed specifically for VADs to provide
22 | January 2019
access to incentives to help them capitalize on the multicloud, multi-platform and multi-workload opportunities in the market. Distributors can now leverage multiple resources throughout the sales lifecycle and can grow and improve their businesses alongside Nutanix. “We launched 'Power to the Partner' in order to ensure that all our partners have equal access to opportunities to evolve and grow their businesses,” said Rodney Foreman, VP of Global Channel Sales, Nutanix. “Since bringing the charter to market, we have listened to feedback from our partners, and have made an effort to quickly respond to their suggestions to extend the program to all partners from resellers to GSIs alike. As we look to help customers modernize their datacenters and embrace multi-cloud solutions, it is essential that every partner has the tools they need to help us carry out this goal.”
Improve Security Posture with Deep Learning Enabled Endpoint Detection By Harish Chib, Vice President – Middle East & Africa, Sophos security holes to access organizations, the unknown minority becomes important. Endpoint detection and response tools are about detecting that minority. EDR tools are built to supplement endpoint security with increased detection, investigation, and response capabilities. However, EDR tools can make it difficult to understand how exactly they can be used and why they are needed. Making matters worse, today’s EDR solutions often struggle to provide value for many organizations as they can be difficult to use, lack sufficient protection capabilities, and are resource intensive. The good news is deep learning enabled EDR tools provide the easiest way for organizations to answer the tough questions about security incidents. Here are the ways how deep learning enabled EDR tools help organizations to add an additional layer to their security posture.
C
ybercrime is big business and hackers are continually looking for new attack vectors. SophosLabs team witnesses 400,000 new malicious samples every day; this does not mean 400,000 programmers writing code. It means heavily automated systems. The result is bespoke malware – a virus written just for you. With that reality, the best line of defense is to use a multi-layered security strategy to work to protect organizations against both known and unknown threats. The best endpoint technologies will protect organizations against the majority of malware and threats impacting their organization. But as the threat landscape evolves and cybercriminals continue to morph attacks and work to find new
EDR helps in generating clear view of an organization’s security posture The hardest question for most IT and security teams is “are we secure right now?” This is because most networks have sizable blind spots that make IT and security teams struggle to see what is going on inside their environments. Lack of visibility is the primary reason why organizations struggle to understand the scope and impact of attacks. This often manifests itself when an incident occurs and the team assumes they are safe because that incident was detected. Deep learning enabled EDR provides this additional insight as well as determines if other machines were impacted. Generating a clear view of an organization’s security posture provides
the benefit of being able to report on compliance status. This information will help identify areas that may be vulnerable to attacks. It also allows administrators to determine if the scope of an attack has impacted areas where sensitive data is housed. It provides additional layer of detection When it comes to cybersecurity, even the most advanced tools can be defeated given enough time and resources, making it difficult to truly understand when attacks are happening. Organisations often rely solely on prevention to stay protected, and while prevention is critical, EDR offers another layer of detection capabilities to potentially find incidents that have gone unnoticed. Organizations can leverage EDR to detect attacks by searching for indicators of compromise (IOCs). This is a quick and straightforward way to hunt for attacks that may have been missed. It increases response time to potential incidents Once incidents are detected, IT and security teams usually scramble to remediate them as fast as possible to reduce the risk of attacks spreading and to limit any potential damage. On average, security and IT teams spend more than three hours trying to remediate each incident. EDR can speed this up significantly. The first step an analyst might take during the incident response process would be to stop an attack from spreading. Analysts will often do this before investigating, buying time while they determine the best course of action. January 2019 | 23
Insight | Attivo
IoT will continue its rapid expansion with over 50% of businesses incorporating IoT into their operations in 2019 for economic advantages, market competitiveness, and differentiation. Ray Kafity Vice President, META Attivo
Attivo Networks' 2019 Predictions I
n 2019, organizations in the Middle East will continue to invest heavily in multiple solutions to build and strengthen their cyber defenses, with Gartner predicting spending on enterprise information security technology and services to reach US$1.9 billion in 2019. In view of this, Ray Kafity, Vice President, Middle East, Turkey & Africa at Attivo Networks, shares his predictions on top cybersecurity concerns and the kinds of threats that will put these investments to test. • IoT will continue its rapid expansion with over 50% of businesses incorporating IoT into their operations in 2019 for economic advantages, market competitiveness, and differentiation. • Companies will start looking at
24 | January 2019
security differently, moving beyond IT risk management and into digital risk management to fully understand the extent of the attack and how to set the right controls in place to prevent their return. • The average dwell time which averages more than 100 days, globally, will begin to fall as companies become increasingly focused on supplementing traditional preventative cybersecurity measures with detection tools designed to detect attackers early in the attack cycle. • With a record number of breaches in 2018 driven by suppliers and contractors, 2019 will see an increased focus on supply chain risk, resulting in higher expectations and more complex
cybersecurity assessments of suppliers and third-party contractors. • Cloud will become an increased target for cyberattacks in 2019. Adoption of technologies like Cloud Access Security Brokers (CASB) and deception will grow significantly. • Strategic thinking will shift to that of an “active defense”, which will include gaining better understand of one’s adversary and creating preemptive measures to empower security teams. • In 2019, information sharing will be automated with an increased focus on the quality and reliability of threat intelligence to provide confidence in the alerts.
Insight | Infoblox
Infoblox 2019 Cybersecurity Predictions—AIpowered Attacks, Cryptojacking, Identity Theft, and Targeting IoT Devices
I
nfoblox has announced the cybersecurity trends that seem poised to alter the landscape in 2019. According to Infoblox, going forward cyber attackers will use
artificial intelligence (AI) to bypass security measures and avoid detection. It is projected that criminals will now implement artificial intelligence in their malicious software to automate target selection and check infected devices before deploying next stage malware and anti-detection technologies. With a significant amount of corporate data in the cloud, attacks on cloud platforms will increase, especially the attempts to compromise email. Since cryptocurrency usage has grown exponentially in the last few years, Infoblox believes cryptomining will continue to be a threat as long as attackers can make quick cash from the infections. The global regulatory environment is all set to become more challenging with greater efforts from regulators to ensure data privacy protection. It is estimated that by early 2019, around 80% of multinational companies will likely fail to comply with GDPR if they do not understand modern data protection regulations. Infoblox also foresees rapid rise in identity theft in 2019
Ashraf Sheet Regional Director, MEA Infoblox
with bad actors adding synergy to their attacks. With the adoption of voice-controlled devices increasing rapidly, cybercriminals’ interest in attacking voice assistant devices and IoT devices connected to them will inevitably continue to grow. And to counter the threat on connected devices, the IoT security market will grow rapidly. “Gartner expects that cybercrime will cost the world $6 Trillion by 2021. Infoblox brings next-level security, reliability and automation to cloud and hybrid systems, setting customers on a path to a single pane of glass for network management,” says Ashraf Sheet, regional director, Middle East and Africa at
Gartner expects that cybercrime will cost the world $6 Trillion by 2021. Infoblox brings next-level security, reliability and automation to cloud and hybrid systems, setting customers on a path to a single pane of glass for network management
Infoblox.
January 2019 | 25
Insight | Mimecast
The Road Ahead for Cybersecurity in 2019 T
he World Economic Forum recently placed cybersecurity as the fifth biggest global risk for doing business. The growth in connected devices – from consumer wearables to industrial IoT to medical devices – is compounding the security challenge. Mimecast has announced some of the key developments expected on the cybersecurity front in 2019. More effective, not different, cyberattack types: Throughout 2019, the most insidious development would be improved execution of existing attack types, especially those delivered via email. Better social engineering, more advanced phishing attacks, increases in credential stuffing attacks, and more complicated malware with multiple stages and different form factors for transmission, will make threats incredibly tricky to detect. Monetisation of data breaches: We’re likely to see cybercriminals use stolen credentials from the past few years’ data breaches to compromise the security of even the most secure organisations. Intelligence becomes ‘intelligent’: Organisations will realise the importance of threat intelligence and will talk about the need for an intelligence function. Artificial intelligence and machine learning will play a more prominent role. AI will also be used to detect break-ins, spam, phishing and more. Privacy will also become a key concern: Consumer connected devices such as cameras, microphones and wearables will become a major security issue as hackers discover ways to see live audio and video of unsuspecting people’s lives. “Even though the threat landscape keeps changing what seems to be the common thread is email, which continues to be the most common - and least protected - attack vector. We predict that while email remains vulnerable, it will continue to be the preferred entry point for criminals to deliver threats to your organisation,” says Brian Pinnock, cybersecurity specialist at Mimecast.
26 | January 2019
Brian Pinnock Cybersecurity Specialist Mimecast
Insight | BeyoundTrust
Using PAM for Cyber Forensics & Security Breach Remediation
R
egardless of an organization's remediation strategy, threat actors will find a way to access to the credentials.
This implies that any clean-up effort cannot reuse an existing password or key. The best way out is to change (rotate) all credentials across every affected or linked resource. This is where Privileged Access Management (PAM) comes into play. Password management is a core aspect of PAM, and includes the automatic onboarding, rotation, session management, reporting, and check-in and check-out of passwords from a password safe. While PAM technology is most prominently used for privileged passwords like administrator, root, service accounts, and DevOps secrets, it can also be used as a least privilege solution to remove administrative rights for applications and tasks. “No one wants to respond to a security incident or a breach, particularly at the start of a new year! Instead the highest priority should be to stop a cyberthreat before it compromises the organization. But in reality, preventing a cyberattack from
Morey Haber CTO BeyoundTrust
landing is not always possible. The steps for incident or breach identification—from threat hunting to searching for explicit Indicators of Compromise (IoC)—are well established. While the processes will vary from organization to organization, malware, compromised accounts, lateral movement, etc. will all need to be addressed as a part of any formal clean-up plan,” says Morey Haber, CTO BeyondTrust. Privileged access management should not only be considered for new projects and legacy systems to stop privileged attack vectors. It should be considered for forensics and remediation control after an incident or breach. PAM will help stop a threat actor from acting on some of the lowest hanging fruit within your organization-poor password and credential management.
28 | January 2019
No one wants to respond to a security incident or a breach, particularly at the start of a new year! Instead the highest priority should be to stop a cyberthreat before it compromises the organization.
CO-LOCATED EVENTS
1 – 3 APRIL 2019
| DUBAI WORLD TRADE CENTRE, UAE
SECURITY FOR DIGITAL INNOVATION The Largest cyber security exhibition & conference in Middle East, Africa and Asia.
12,000+
170+
300+
300+
ATTENDEES ACROSS THREE CO-LOCATED SHOWS
TECH COMPANIES EXHIBITING
LECTURES & WORKSHOPS ACROSS THREE SHOWS
SPEAKERS
USD 270 million
the amount visitors reported they will spend within 12 months of the show
BOOK A STAND NOW! gisec@dwtc.com |
OFFICIALLY SUPPORTED BY
www.gisec.ae
OFFICIAL DISTRIBUTION PARTNER
GOLD SPONSORS
DIGITAL WORKPLACE PARTNER
STRATEGIC PARTNERS
POWERED BY
ORGANISED BY
TechKnow | ESET
Protection From Scam Apps
Lysa Myers Security Researcher ESET
B
oth iOS and Android users are experiencing a flood of
app store or the bank attached to the payment card to refund the
predatory apps. While major app stores do keep out a large
charge. For subscriptions, although it may be complicated, but is
number of fraudulent apps, but with incredibly large number
worth the time and effort. Fraudulent apps can also be reported
of apps and updates, much of the review work is automated.
to the app stores and by way of contributing reviews describing
Therefore, it is likely that each app has a functionality that may
one's own experience.
not be seen by a human or be tested specifically. While most scam apps do include numerous positive reviews,
Lysa Myers, Security Researcher at ESET says, “users must be aware of the limitations of app store review processes and
these often show signs of phoniness. It’s a good idea to re-order
conduct their own research. They should avoid installing apps
the ranking options on reviews to see a more balanced picture.
that mirror a functionality of their phone, like a QR reader or a
Depending on the particular app store, sort the reviews to see
flashlight app, especially as many of these apps have a history
“most helpful” or “most critical” first.
of being problematic. It is also a good idea to push back against
Wait a few days or weeks before downloading brand new
“dark patterns”where a user interface is designed to intentionally
apps to figure out whether an app is a scam. In case, a user
trick or emotionally manipulate users into clicking where
downloads an app that turns out to be a scam, she can ask the
otherwise they might not.”
30 | January 2019
Introducing