Get Your Head out of the Cloud Zero Trust Access for Hybrid IT
The Challenges
Pulse Secure's Zero Trust methodologies
• Visibility:
• Verify User:
• Compliance:
• Verify Device:
• User Experience:
• Protect Data:
• Scale and Reliability:
• Control Access:
A myriad of devices presents visibility challenges as it’s important to know both what is on the network and what is not. With the influx of devices connecting to an enterprise’s network, compliance issues get raised.
When security is hard to use, people will find a way around it. This leads to potential data leakage or loss, and stolen credentials. Enterprises must be able to scale security solutions without infrastructure issues — issues around things like load balancing can hinder the delivery of applications to users.
Single Sign-On (SSO) and multi-factor authentication (MFA). Profiling is key to secure the network access Host checking and location awareness to validate the device before it connects. Always-On and On-Demand VPN along with Per-App VPN tunneling ensures every transaction is encrypted. We control access to the data center, Cloud, Saas with centralized policy management
Your business depends on the cloud, but you worry about data leakage and other risks ? Extend Zero Trust Access for the data center to the cloud and worry no more.
For more information contact your local Pulse Secure expert via infoemea@pulsesecure.net or visit pulsesecure.net Copyright 2019 Pulse Secure, LLC. All rights reserved. Pulse Secure and the Pulse Secure logo are registered trademarks or Pulse Secure, LLC.
Apt Solutions for Data Breach Incidents
ontents
Dear Readers
Cover Feature - 8
Fortify Defenses Against Evolving Cyberthreats
News Bytes - 4
O
rganizations in the Middle East are the front-runners when it comes to adopting cloud and other cuttingedge technologies for the ongoing smart cities projects. This also makes the Middle East one of the hot beds for cyber attacks. Unfortunately, organizations in the region have a false sense of security, which makes them increasingly vulnerable. Despite surging global and regional investments in cyber security products and services, the future remains unsafe. Social engineering, phishing, malware-as-a-service, and other existing cyber threats are evolving. There's been a 126% rise in phishing attacks using malicious URLs. The risk is also rising because cyber criminals are continuously upgrading their skills through expertise sharing in the dark web. Tool-kits to launch cyber attacks are cheaply and readily available in the dark web. Data breach incidents are on the rise and cyber attackers harvest personal information from such exposure to inflict losses on businesses. Cyber security is a clear risk for doing business. Cost of clean-up after an attack is massive and losses worth trillions of dollars stare businesses in the face. Security strategies and solutions that worked a couple of years ago are now obsolete. There's a need for advanced solutions that can keep pace with the evolving cyber threats. In our cover story, we take a look at some strategic aspects—including the human aspect—and smart solutions that can help organizations build a holistic security posture. We do hope you find the reading useful.
Centrify Ushers in New Era of Privileged Access Management
Gemalto Expands Cloud HSM On Demand Solutions
Interview
Reasons for Businesses Becoming Vulnerable to Cyber Attack - 12 Adopt a 360-degree Approach to Security - 16
News in Detail
Pulse Secure EMEA Partner Summit delivers new channel initiatives -19 Forcepoint X-Labs Division - 20
Toshiba's SMART App for Smart Business Growth - 21
TechKnow
Dimension Data Introduces Next-generation Managed Services - 24
Insight
Cybercriminals Most Likely to be Caught on Servers and Networks: Sophos Survey - 23
EyeTech Warm regards,
Vivek Sharma Managing Editor
Managing Editor: Vivek Sharma
A10 Networks - 500 Gbps Thunder DDoS Defense System - 26
Published by: JNS Media International MFZE
Content Lead & Business Development-
P.O Box 121075, Dubai UAE, Tel: +971-4-3705022 Fax: +971-4-3706639, website: www.VARonline.com Sales Inquiries: sales@var-mea.com All other Inquiries: info@var-mea.com | Editorial: editor@var-mea.com
Christopher David
Disclaimer: While the publishers have made every attempt possible to get accurate information on published content in this handbook they cannot be held liable for any errors herein.
Art Director: Faiz Ahmed Commercial Director - Mallika Rego
News Bytes
Centrify Ushers in New Era of Privileged FireEye Secure Email Access Management Gateway Protects Centrify has announced new cloud-ready solutions to Against Threats help stop the leading cause of data breaches privileged credential abuse. Centrify Zero Trust Privilege helps Others Miss customers grant least privilege access based on verifying FireEye has announced that FireEye Email Security now provides full secure email gateway (SEG) functionality – blocking inbound and outbound malware, phishing URLs, impersonation techniques, and spam. According to FireEye’s latest Email Threat Report, 90% of email attacks were malware-less, with phishing attacks serving as the greatest offender, making up 81% of this subset. FireEye Email Security continues to detect an average of over 14,000 emails with malicious attachments or URLs per customer per month that get past other solutions. Email continues to be the most commonly used channel for both opportunistic and targeted attacks, therefore, organizations can’t afford to overlook these vulnerabilities. FireEye Email Security delivers detection and protection capabilities for email-based threats in a single solution. “It’s easy for organizations to become overly reliant upon blockingbased protection, until they realize what’s been slipping through. We see this time and time again in our incident response engagements when other security solutions failed to block email threats,” said Ken Bagnall, Vice President of Email Security at FireEye.
4 | March 2019
who is requesting access, the context of the request, and the risk of the access environment. In addition, the company has integrated the Centrify Privileged Access Service with SailPoint’s open identity platform, IdentityIQ, easing the coordinated adoption of zero trust privilege and identity governance best practices. In today’s environment, privileged access not only covers infrastructure, databases, and network devices but is extended to cloud environments, Big Data projects, and DevOps, and must secure hundreds of containers or micro-services. By implementing zero trust privilege, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise. “The solutions we are announcing today take a big step forward in redefining legacy PAM to secure access to modern attack surfaces with Zero Trust Privilege,” said Tim Steinkopf, CEO of Centrify. “Many of our customers have already moved to cloud or hybrid IT environments, and our solutions are cloud-ready to support them. However, we also have customers who still need to secure privileged access to on-premises infrastructure before they’re ready to move to the cloud. Centrify Zero Trust Privilege Services can meet the needs of on-premises, hybrid, or all-cloud environments with a multi-tenant architecture—so no matter where an organization is in their cloud readiness, we have a solution that is ready for them.” Cloud-ready Zero Trust Privilege combines administrative password vaulting with brokering of identities, adaptive multi-factor authentication enforcement and “just-intime” and “just enough”
Gemalto Expands Cloud HSM On Demand Solutions Gemalto has announced three new cloud-based Hardware Security Module (HSM) services, HSM On Demand for CyberArk, HSM On Demand for Hyperledger and HSM On Demand for Oracle TDE. Each service is available through the SafeNet Data Protection on Demand platform, a marketplace of cloud-based HSM, encryption and key management services that easily integrates with most widely used cloud services and IT products to protect data wherever it is created, accessed or stored. While organizations recognize data encryption as an optimal solution to securing sensitive information, including Hardware Security Modules to secure their cryptographic operations, they are challenged by the costs. Gemalto’s SafeNet Data Protection On Demand solves these challenges by providing cloud-based HSM services. Todd Moore, Senior Vice President of Encryption Products at Gemalto, said, “Our newest Cloud HSM On Demand services help organizations stay in front of new threats and regulations, by easily deploying an HSM solution for the strongest possible key management and security practices, all while providing fast, easy set-up, with remarkable savings over traditional approaches involving specialized hardware and skills.”
Kaspersky Lab Unveils New Program to Empower its Partners Every company’s IT infrastructure is uniquely complex. As such, businesses require IT security providers with specialized cybersecurity solutions and services that address specific needs – from hybrid cloud security, to defense from targeted attacks and industrial network protection. To help them meet these expectations, Kaspersky Lab has launched ‘Kaspersky United’, a program to enable partners — including resellers, service providers, and system integrators — to focus on selling the Kaspersky Lab services and products that match their own specializations. They will also receive access to education, sales and marketing toolkits and benefit from a new transparent monetary rewards scheme. Through the program, partners can maintain and monetize their specializations across different status levels (Registered, Silver, Gold and Platinum) in one or several domains: by solution (hybrid cloud security, threat management and defense, or fraud prevention), or by services, such as managed service provider, managed detection and response provider, or authorized training center. “The channel is being transformed to meet customers’ expectations, with new service offerings and business models,” – Ivan Bulaev, Head of Global Corporate Channel, at Kaspersky Lab, comments. “System integrators have established security operation centers in their data centers, and offer them as a service. We are also seeing companies specialize in niche areas, delivering specific expertise in SaaS form, such as threat intelligence platforms. We also see small and medium customers moving to an IT outsourcing model and MSP business growth following this pattern. To help the channel work effectively, we need to take these trends into account and create conditions in which each of our partners will find opportunities to develop and provide customers with the best solutions.
Cyjax to Launch Middle East Operations at GISEC 2019 Cyjax has announced plans to participate in the Gulf Information Security Exhibition and Conference (GISEC), to be held in Dubai, UAE from April 01-03, 2019. Using GISEC as a platform to launch its Middle East operations and will demonstrate its market leading digital intelligence platform. James Mason, Intelligence Analyst at Cyjax said, “We are seeing daily cyber-attacks targeted at entities in the Middle East. While these attacks range in their sophistication and their motives, the troubling statistic is that well over 70% are targeted at government or state-owned entities, using threat vectors such as fake job ads or sophisticated APT type attacks. As such, threat intelligence should be an integral part of any cybersecurity strategy as it focusses on existing and emerging threats and identifies internal and external risks to the organization, its infrastructure and brand reputation.” Discussing some of the planned regional investments, Mark Pearce, Chief Marketing Officer at Cyjax said, “Having already secured our first deal with a major UAE government entity, we are fully committed to the Middle East market and believe that the time is right to make direct investments in to the region. We will open a permanent office in Dubai, adding headcount and onboarding several channel partners. We will also make significant investments in training programs to develop local talent.”
Trend Micro Report Cloud Email Threats to Office 365 Trend Micro has announced that its Cloud App Security tool blocked nearly nine million high-risk email threats in 2018 as attackers continued to evolve their tactics, highlighting the importance of investing in multi-layered protection for online platforms like Office 365. The findings from Trend Micro’s Cloud App Security report detail how escalating email threat levels are exposing organizations to an increased risk of fraud, spying, information theft, and spoofing. As email remains a staple communication and collaboration tool globally, it is convenient for cybercriminals to leverage this integral, trusted platform for compromising attacks. “Organizations are increasingly looking to cloud email services to boost productivity and agility, but the Cloud App Security report reveals that— from credential phishing to business email compromise (BEC) and the use of unusual file types—hackers are employing a variety of new tactics to evade built-in controls, making it critical to invest in a second layer of defense,” said Kevin Simzer, chief operating officer at Trend Micro. As the report reveals, email remains one of the most popular threat vectors. In total, the solution detected and blocked nearly 9 million high-risk email threats in 2018.
March 2019 | 5
News Bytes
Turki Alnader Joins Tech Mahindra as Vice President Sales Tech Mahindra Ltd announces the appointment of Turki Abdullah Alnader as Vice President Sales, Saudi Arabia for their telecom division. Manish Agrawal, Regional Head – Communications, Media & Entertainment Business, MEA, Tech Mahindra, said, “We are pleased to appoint Eng. Turki Alnader as the head of our Communications, Media & Entertainment business in the Kingdom of Saudi Arabia which is one of Tech Mahindra’s focus market with MEA region. Eng. Turki is an industrial engineer and an accomplished senior management professional with 14 years of experience in the telecom and related businesses, overseeing programs & projects management, B2B sales, strategic planning and KPI performance monitoring, financial and budgeting planning, network implementation and communications. Eng.Turki Alnader, Vice President Sales, for Communications, Media & Entertainment Business, Kingdom of Saudi Arabia, said, “I am excited to join a global digital transformation enterprise like Tech Mahindra, and look forward to leverage its expertise in the digital space to deliver next gen technology-enabled solutions and services in the Saudi market.”
6 | March 2019
Genetec Launches New Version of Security Center in the Middle East Genetec has announced a new version of Security Center, the company’s open-architecture platform that unifies video surveillance, access control, automatic license plate recognition (ALPR), communications, and analytics in the Middle East. "With customizable live dashboards, enhanced privacy protection features, a new map-driven mobile app, and new functionalities that help users actively monitor the health of their system and ensure compliance with cybersecurity best practices, version 5.8 will allow users to optimize their physical security environment while benefiting from greater visibility into their operations", said Firas Jadalla is the Regional Director for the Middle East and Africa, Genetec. Customizable live dashboard: Security Center 5.8 will enable users to create custom dashboards that will display real-time data, such as video feeds, alarms, reports and charts in a way that is meaningful to them and their specific job function (security, operations, IT etc.). Mobile app: Security Center 5.8 will introduce a collaborative mobile app to provide operators complete access to their Security Center system when they are on the move and allow them to turn their smartphone into a valuable contributing sensor to their security system. In addition, the new mobile app will let operators share their location with colleagues in the operations center, send in-app messages and share live and recorded video through an intuitive map-oriented interface. System resilience and cybersecurity: System administrators often lack the tools to assess the potential exposure of their software, operating systems and physical security devices. Security Center 5.8 will introduce a new Security Score feature to track each system’s compliance with hardening guidelines, firmware availability and updates, password strength, as well as several other dimensions of cybersecurity.
Fortinet Receives 'Recommended' Rating for FortiClient Fortinet has announced the results from NSS Labs’ 2019 Advanced Endpoint Protection (AEP) Group Test. Of the 19 endpoint security vendors included in this year’s test, Fortinet’s FortiClient demonstrated a 100% block rate of exploits, unknown threats and HTTP malware, with zero false positives. It also demonstrated high effectiveness in detecting malicious malware across multiple vectors, including email, web, and USB (for offline threats), and was proven resistant to all evasion techniques. As a result, FortiClient has received NSS Labs' coveted 'Recommended' rating for the third straight year with low TCO. “Endpoint devices and applications play an increasingly important role in business and networking strategies,” said John Maddison, executive vice president of products and solutions, Fortinet. “Endpoint security solutions need to coordinate closely with the network and other security components, enabling them to share telemetry, correlate intelligence and quickly address increasingly sophisticated threats as part of an automated and coordinated response. Fortinet is pleased to have received our thirdstraight Recommended rating by NSS Labs for FortiClient along with the many we have received for our other Security Fabric components as we remain committed to third-party testing validations.”
OFFICIAL GOVERNMENT CYBER SECURITY PARTNER
OFFICIALLY SUPPORTED BY
THE WORLD'S MOST FAMOUS HACKER AND EX-#1 ON THE FBI'S MOST WANTED LIST TO HACK LIVE IN DUBAI See the jaw-dropping live hack by KEVIN MITNICK for as little as AED 1,999. #GISEC www.gisec.ae I gisec@dwtc.com I +971 4 308 6805
OFFICIALLY SUPPORTED BY
STRATEGIC PARTNERS
GOLD SPONSORS
IOT PARTNER
POWERED BY
CO-LOCATED WITH
PLATINUM SPONSOR
ORGANISED BY
DIAMOND SPONSOR
Cover Story | Cyber Security
FORTIFY DEFENSES AGAINST EVOLVING CYBERTHREATS Smart, technology-driven cyber security solutions along-with an understanding of the origin and motive of a cyber attack can help an organization create a robust overall security strategy
A
s per the World Economic Forum, cybersecurity is the fifth biggest global risk for doing business. The threat is massive and is continuously growing. Rapid digitization, proliferation in the number of connected devices, cloud adoption, and the omnipresent always-on connectivity are further compounding the problem by increasing the attack surface. Organizations around the world are increasing their spends on cyber security with the global investments on security products and services expected to reach $124 billion in 2019. In the Middle East and North Africa region, Gartner expects security spends to reach $1.9 billion in 2019—almost a 10% increase over 2018. However, despite the increased budgets and actual spends on cyber security, cyberthreats continue to pose grave security concerns and cyber criminals continue to inflict enormous financial and reputational losses to businesses
8 | March 2019
worldwide. According to Cybersecurity Ventures, by 2021, cybercrime will cause financial losses to the tune of $6 trillion.
Vulnerable to Attacks The faster the world moves towards 'smart', the greater the surface for cyber attacks. Currently, every business, irrespective of its size, is embracing digitization. Cloud adoption is at an alltime high, especially in the Middle East. Similarly, smart devices—including smart consumer devices, cars, wearables, health trackers, and so forth—are impacting daily lives in far-reaching ways. In such a connected scenario, any attack on a critical infrastructure will not just lead to financial losses but also put numerous lives at risk. Some of the biggest names including Facebook and Marriott have been the recent targets of cyber attacks resulting in millions of customer records being stolen. That said, the small and medium
businesses (SMBs) are no better off. In fact, SMBs face a greater risk of cyber attacks largely because their primary focus is on business growth rather than cyber security. Irrespective of the level of threat they face, most organizations are ill-equipped to fight this menace of cyber threats. While many organizations have taken measures to protect their business assets against automatic bots attacks, their defenses against human-driven attacks are at best amateur. “If active adversaries get into a system they can ‘think laterally’ to troubleshoot roadblocks, evade detection and move around. It’s hard to stop them unless the right security measures are in place,” says Dan Schiappa, senior vice president and general manager of products at Sophos.
Future is Unsafe Future doesn't seem secure either. While there are no new attack types predicted
for 2019, the threats will continue to emanate from the evolution of the existing attack types, especially business email compromise, which will be the preferred entry point for cyber criminals. Social engineering will evolve, phishing attacks will become more advanced to use homoglyphs and legitimate certifcations, and there will be an increase in credential stuffing attacks. What's more, with complicated malware at multiple stages and transmitted in various form factors, it will become increasingly difficult to detect these threats. “Malware has different form factors, ones that target endpoints (desktops, laptops and servers) and then there is malware that can inject itself into application code such as a malicious JavaScript on a website that is mining crypto-currencies. In short you need a defense in depth approach to malware that goes beyond just endpoints,” advises Shah H Sheikh, Senior Cybersecurity Consultant & Advisor / Co-founder at DTS Solution. Cybercriminals usually try to maximize their 'profits' with the least effort; and, therefore, experts believe that cyber criminals will focus their attention on the weak links—countries and/or industries that have legacy security set-ups. Organizations that have elaborate security mechanisms in place are obviously a less attractive proposition, although not entirely improbable. That said, organizations in the Middle East and Africa, especially small and medium businesses, often have a false sense of protection that their security posture is robust, without realizing that the threat landscape is evolving rapidly. Failure to keep pace with this dynamic threatscape will only make them more vulnerable to cyberattacks. Cloud adoption in the Middle East is on an upswing, which has also made it the favourite attack vector due to the weaknesses in shared security models. Security of business assets in the Cloud is a dual responsibility of the provider and the organization. While the Cloud providers protect the infrastructure platform, it is the responsibility of an individual organization to secure the data and access. According to McAfee's Cloud Adoption and Risk
Report, nearly a quarter of the data in the cloud can be categorized as sensitive, putting an organization at risk, if stolen or leaked. The report further reveals that sharing sensitive data in the cloud has increased 53 percent YoY. Therefore, it is essential that organizations adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls in order to secure data and ensure compliance with the prevalent regulations. “A more holistic view of cloud computing, complemented with open source architectures and API management capabilities will fast-track innovation and time-to-market for organisations and
threats. “In order to be as generic as possible, it is a good idea to select devices whose firmware can be upgraded easily,” advises Dimitris Raekos, General Manager, ESET, Middle East. “IoT security is key to gain and retain consumer trust on privacy and to fulfil the full potential of the IoT promise. To achieve this, there are three essential pillars to secure the IoT data at rest and in motion: securing the device, securing the cloud, and managing the IoT security lifecycle,” adds Pavie of Gemalto.
The Buzzing Dark Web Cyber attacks are becoming more strategic as cyber criminals use more
Cyber criminals will focus their attention on the weak links countries and/or industries that have legacy security set-ups will be one of the fundamental pillars for digital transformation for the enterprise,” says Sebastien Pavie, Regional Director for Enterprise and Cybersecurity META, Gemalto. Technologies like the Cloud Access Security Brokers (CASB) and deception can help organizations seek new security controls and address these challenges effectively. The proliferation in the number of Internet-of-Things-enabled smart devices globally and greater adoption of voice assistants has opened up another avenue for cyber attacks. Cyber criminals are using weak security of the IoT devices to gain control over them and create havoc on individuals and organizations. Cyber criminals can use these devices to connect to botnets, launch a DDoS attack, steal personal data and attack websites. Similarly, increasing use of smartphones have also opened the doors to greater
sophisticated tools and techniques. The dark web is buzzing with activity where cyber criminals share 'expertise' and 'knowledge'. In addition, ready-to-use toolkits to orchestrate numerous types of cyber crimes are easily available. Detailed personal information of customers including name, phone number, email address, residential address, and even passwords, harvested from data breaches are also available for sale on the dark web for as cheap as $1! Cyber crime has grown to become a parallel economy in itself. A Surrey University criminologist has estimated that cyber criminals reap 'business profits' to the tune of $1.5 trillion per year. This is because there's a thriving ecosystem of cyber crime complete with forums, chat rooms, and marketplaces for malware, bots, and other criminal services in the dark web. Apart from the 'qualified' March 2019 | 9
Cover Story | Cyber Security
criminals, there are newbies and 'aspiring' criminals who can upgrade their 'skills' and access sophisticated tools and techniques to inflict losses to businesses and end customers alike. For instance, cyber criminals use stolen prescriptions to buy by-prescription-only medicines and sell them illegally at exorbitant costs. Similarly, they use stolen credit card details to make illegal purchases that are billed to unsuspecting customers. The dark web cannot be wished away. In fact, with greater consolidation and partnerships, use of malware-as-aservice is driving cryptocurrency mining, banking fraud, ransomware, and bypass of two-factor authentication. Cyber criminals are leveraging technology— especially artificial intelligence—to avoid detection. As a result, evasion techniques are becoming more agile. Cyber criminals have also come to use low-level malware such as rootkits or firmware-based threats. Security researchers have also seen destructive features used as antiforensic techniques. For instance, the OlympicDestroyer malware targeted the Pyeongchang Olympic Games organization and erased event logs and backups to avoid investigation. Cyber criminals are also automating target selection through the use of artificial intelligence in their malicious software. This enables automated checking of infected devices before cyber criminals proceed further to deploy the malware and/or anti-detection techniques. Another avenue that cyber criminals are leveraging to orchestrate crimes is the social media. They create automated accounts on social media platforms to disseminate fake information, launch extortion campaigns, and tarnish brands.
The Need for Advanced Solutions To protect themselves against evolving cyber threats, organizations must look beyond the traditional approaches and include smarter solutions in their cyber security armoury. Artificial intelligence and machine learning are the go-to-technologies that can provide organizations with the necessary
10 | March 2019
wherewithal to deal with the variety and velocity of evolving cyber threats. With efficient data-crunching abilities, artificial intelligence and machine learning can unravel behavioral patterns and provide digital intelligence that enable organizations to track down the culprits. These technologies also help detect break-ins, spam, phishing and other such malicious activities. However, despite artificial intelligence boosting economic growth in the UAE by 1.6 per cent and adding an expected $182 billion (Dh 667,94 tn) to the national economy by 2035, its adoption has been slow. This is primarily due to unrealistic expectations and heavy investments. However, with the cost of computing reducing, AI adoption is gradually growing. This will be further enhanced with organizations adopting high-speed, lowlatency networks coupled with high-end performance edge compute.
Available Solutions In a scenario where it is a matter of when an organization will become the next target, organizations must adopt an attitude of 'already compromised'. This enables them to keep a constant vigil and respond immediately should an exposure
occur. Advanced solutions are available on the market that organizations can consider to fortify their defenses. Some of these solutions include: Privileged Access Management (PAM): When cleaning up after a cyber attack, existing passwords or keys should not be reused. All credentials must be changed (rotated) across every affected or linked resource. Privileged Access Management (PAM) solutions for cyber forensics and security breach remediation from BeyondTrust can be used to secure redeployment through strong credential management. PAM technology is usually used for privileged passwords like administrator, root, service accounts, and DevOps secrets, for both new projects and legacy systems to stop privileged attack vectors. Firewalls: Next-generation firewalls such as Sophos XG firewall feature lateral movement protection to prevent targeted, manual cyberattacks or exploits from infiltrating further into a compromised network. It prevents threats from spreading, even where the firewall doesn’t have direct control over traffic. Email Security: Impersonation attacks continue to be significant because employees usually respond to an email
Top Scams of 2018 There are various methods that cyber criminals employ to cheat businesses and businesses. The top scams of 2018 are listed below in alphabetical order: • • • • • • • • • • • • • • •
Airbnb Apple Care Bank loan or credit card Cars Cryptocurrency Death threat hoax Facebook impersonation (hijacked profile) Fake antivirus software Fake bank apps Fake news Fake shopping websites Greeting cards Hitman Jackpotting (ATM scam) Job offers
• • • • • • • • • • • • • •
Lottery Loyalty points phishing Make money fast (economic scams) Netflix Over-payment online Phishing emails Porting Romance Shimmer SMS scamming(Smshing) Tech support online The Nigerian scam Tickets Travel
from an executive of the company. Solutions such as the FireEye Email Security – Server Edition features onpremises email enhancements including executive impersonation protection, expanded URL protection, a new machine learning engine to detect emerging threats, password-protected image analysis, and guest image customization. These capabilities protect employees from display name and header spoofing. Inbound mail headers are analyzed and cross-referenced with a Riskware policy created by the administrator, and headers that do not align with the policy and/or show signs of impersonation activity can be flagged. Small Office Security: Kaspersky Small Office Security provides security against cybercrime without the need for handson administration or technical expertise. Apart from providing protection against malware, financial fraud, phishing and other threats, this solution also extends server protection and helps keep applications updated, so that unpatched vulnerabilities do not let threats infiltrate business networks. Multi-layered Protection: ESET's NOD32 Antivirus, ESET Internet Security, and ESET Smart Security Premium provide fortified multilayered protection, enhanced IoT protection, product referral, and a security report feature to help protect constantlyconnected devices. Pay-Per Vulnerability (PPV) Service: Organisations can navigate the threat landscape in a cost-effective manner using the Pay-Per Vulnerability (PPV) service offered by Spire Solutions. Using this service, companies—at various levels of maturity of security roadmap—can uncover gaps in their cyber security posture, and pay only for issues identified with no upfront commitment.
Security in the Year Ahead In 2019, organizations will train greater focus on supply chain risk, as a large number of breaches in 2018 were found to be driven by suppliers and contractors. Going forward, organizations will lay greater emphasis on certifications and compliance from suppliers for their
services so that they can be trusted. Another area of focus in 2019 will be on information sharing—both internal and external. Realizing the importance of threat intelligence, organizations will talk about the need for an intelligence function. More and more organizations will collaborate to proactively protect against threats. And to ensure the quality and realiability of the shared threat intelligence, more organizations will embrace native integrations in their platforms. The concept of Security Orchestration, Automation and Response (SOAR) as a framework will find greater adoption and fuel collaboration across markets and industries. Last, but not the least, organizations will educate their employees about the basic cyber security practices in order to fortify their first line of defense. “Organizations world over are now realizing that their employees are one of the reasons for making their business vulnerable. It is now imperative to implement personnelfocused solutions by delivering training to the staff. An effective method of protecting organizations from cyber threats caused by human-related factors is to combine the efforts between human resources and management,” says Amir Kanaan Managing Director of Kaspersky Lab for the Middle East, Turkey and Africa.
The Way Forward Increased digitization, cloud adoption and advancements in technologies—particularly Internet of Things and smartphones—are expanding the attack surface for cyber criminals. In a bid to protect customer data from possible abuse and make organizations more accountable on how they extract and use customer data, regulators have introduced regulations and directives. It is mandatory for the organizations to comply with these regulations, failing which can attract hefty fines. To face these challenges efficiently and still gain a competitive advantage, oganizations must make a progressive move from simple IT risk management to digital risk management. They must proactively build their IT strategies and lay a strong foundation to combat cyber-attacks.
FACTS AND FIGURES • Cyber security is the fifth
biggest global risk for doing business – World Economic Forum • Global investments on
security products and services is expected to reach $124 billion in 2019 – Gartner • In the Middle East and
North Africa region, security spends will likely reach $1.9 billion in 2019 – Gartner • Cybercrime will cause
financial losses to the tune of $6 trillion by 2021 – Cybersecurity Ventures • Nearly a quarter of the
data in the cloud can be categorized as sensitive – McAfee's Cloud Adoption and Risk Report • Sharing sensitive data in
the cloud has increased 53 percent YoY – McAfee's Cloud Adoption and Risk Report • Cyber criminals reap
'business profits' to the tune of $1.5 trillion per year – A Surrey University criminologist
March 2019 | 11
Interview | Kaspersky Lab
Reasons for Businesses Becoming Vulnerable to Cyber Attacks
Amir Kanaan Managing Director Kaspersky Lab, META
In the wake of rising incidents of data breach, what can businesses do to reduce their vulnerability? With the rise in the number of cyber-attacks taking place, there is a lot that organizations need to consider in order to put a proper cybersecurity strategy in place. However, often businesses tend to be pre-occupied with installing the best security solutions that they don’t pay attention to providing their employees with the proper training. Organizations world over are now realizing that their employees are one of the reasons for making their business vulnerable. It is now imperative to implement personnelfocused solutions by delivering training to the staff. An effective method of protecting organizations from cyber threats caused by human-related factors is to combine the efforts between human resources and management. Employees should be motivated and encouraged to be more vigilant and ask for help in case an incident should occur. Employees will respond better if they are provided with security awareness training which provides clear and straightforward guidelines. These training sessions help improve skills and create an environment where employees are actively aware that their mistakes could have a catastrophic effect on their business. Most of the threats that are aimed at unsuspecting employees are phishing attacks. These attacks can be addressed with end-point security solutions which cover the needs of SMB and enterprise companies in terms of functionality, pre-configured protection, or advanced security settings, to minimize risks.
12 | March 2019
What are some of the solutions that are absolutely essential to ensure security of a business? In today’s modern business setup it is nearly impossible to not store sensitive personal data. According to Kaspersky Lab’s recent data protection report 91% of businesses in META have at least some form of data security and compliance policy in place. The report also shows that 88% of businesses in META collect and store their customers’ personally identifiable information. This goes to show that businesses are steadily taking security seriously and aiming to implement the best solution. However, a compliance policy isn’t enough to ensure that the data will be handled properly. Businesses should make sure that the security solution they choose protects data across the whole infrastructure which includes cloud, devices, applications and more. Cybersecurity awareness is not restricted to just IT staff but should extend beyond and include all departments. More and more departments are working with data and thus need to understand how to keep it safe. The rising trends of bring your own device (BYOD) and hot desks are giving rise to unique security threats. What can businesses do to secure their networks in such situations? The trend of bring your own device (BYOD) has its own set of benefits but the main issue is that IT security awareness among staff members is very low. According to a recent study conducted by Kaspersky Lab and B2B International, only 18% of employed respondents in the META region are fully aware of the IT security policies and guidelines set in their workplace. This, combined with the fact that only 40% of employees consider protection from cyber threats a shared responsibility, presents additional challenges when it comes to setting the right cybersecurity framework. Another report on the Human Factor in IT Security: How Employees are Making Businesses Vulnerable from within, also shows that actions (or inaction) of careless personnel led to an attack in 55% of cybersecurity incidents within the last year. To deal with this problem, businesses would benefit from regular IT security awareness training for staff, in conjunction with cybersecurity products tailored to their specific business needs.
Interview | DTS Solutions
Securing databases is an art approach by adopting a security based culture within the organization. From the gamification of security awareness, to regular team building exercises that promote cyber security, to running phishing simulations and human based cyber range exercises. Humans as they say are the weakest link so it is always advisable to run these simulations and ensure you cover yourselves. This involves not only your internal employees but your 3rd parties too. Try social engineering with your 3rd parties and see the results – you will be surprised.
Shah H. Sheikh Sr. Cybersecurity Consultant & Advisor Co-founder DTS Solution
Malware is one of the top threats businesses face today. What steps can they take to protect themselves against malware? Malware nowadays are getting more sophisticated that can easily bypass traditional anti-virus detection engines. Most AV vendors have realized and adopted better detection and prevention techniques such as the use of Machine Learning, Artificial Intelligence and in some cases Deep Learning. Malware has different form factors, ones that target endpoints (desktops, laptops and servers) and you have malware that inject itself into application code such as a malicious JavaScript on a website that is mining crypto-currencies. In short you need a defense in depth approach to malware that goes beyond just endpoints. How can businesses ensure protection against the rising threat of social engineering? This is trivial and one needs to adopt human centric security
How important is securing the database in the context of digital businesses of today? Databases is the brain behind any digital infrastructure – whether they are traditional databases or distributed data lakes (big data) – they store data in structured or unstructured nature and therefore one needs to exercises the full gambit of data security and data governance. This starts by classification and labeling of data to ensuring data activity monitoring is performed to ensuring encryption at rest, transit whilst adopting advanced techniques such as data masking and tokenization. Securing databases is an art not a science, often security professionals have limited understanding on databases as these are not systems they operate every day. Take the example of database security when spinning a database up as a microservice or if your organization is adopting big data – and how security needs to be applied in such instances and the whole set of security controls changes. The bottom line is, understand your database landscape, understand data flows and identify the relevant security control around your databases and within your database. Last but not least – your DBA’s should also be monitored to ensure internal fraud or misuse does not occur. Tell us more about vulnerability management and your approach towards this. This is a domain that has been practiced since I can remember; nothing new in this, there are well established tools for vulnerability management. What is typically missing in organizations is a solid program and process around vulnerability management that starts by having a well structured asset CMDB which allows you to pinpoint your asset classes and perform vulnerability assessment on scheduled basis. For example how many databases in your organizations have been classified as critical and are they tagged to perform vulnerability assessment on a more frequent basis than other databases. In some security domains – getting a process right overrules the technology behind it and vulnerability management along with patch management is one of them. Beyond that vulnerability management tools always capture vulnerabilities, vulnerability assessment and penetration testing. Its important to do the basics and ensure hardening is done first, no point in building a nice building without a solid foundation – the same goes for any IT infrastructure. March 2019 | 13
Interview | Gemalto
ADOPT A 360-DEGREE APPROACH TO SECURITY How do you see enterprises fortifying their security postures in the wake of evolving cyber threats? With organisations wrestling with the guarantee of security, trust, and control in the cloud, and in an increasingly competitive cloud provider ecosystem, enterprises are challenged to evolve to provide not only network connectivity but cloud and managed services and the security ecosystems to secure their customers’ cloud-based infrastructures. The popularity of cloud computing is expected to grow and this will have a very positive impact on enterprises. They are now opting for fully automated cloud-based authentication to reduce administration overheads and offer solid foundations to scale cloud based and on-premises environments. With the explosive growth potential of IoT in the future, cloud computing offers the technology enabler to provide scalable, reliable and secure cloud services to the stakeholders in the IoT ecosystem. Telecom operators in the Middle East that accelerate the migration of their existing architecture towards the cloud model will take early mover advantage. A more holistic view of cloud computing, complemented with open source architectures and API management capabilities will fast-track innovation and time-to-market for organisations and will be one of the fundamental pillars for digital transformation for the enterprise. Increasing mobile penetration presents a unique set of security threats. Can you elaborate on the ways businesses can protect this attack avenue? The UAE, Kuwait and Bahrain all have mobile penetration rates of over 200 percent. Saudi Arabia has 43 million subscribers, with mobile penetration sitting at 131 percent. This rapid deployment will be driven not just by 5G’s eye-catching performance figures, but by how they are achieved. With the GSM Association predicting over 50 million 5G connection across MENA by 2025, security is a palatable concern. According to a recent Ericsson report, 8 out of 10 respondents mentioned “concerns around data security and privacy” as a barrier to 5G adoption. Therefore, to unleash its potential, stakeholders must put in place new strategies to protect us from the increasingly sophisticated threats posed by cybercrimes. Consequently, they must ensure that robust protection is built in from the outset of every project, not bolted on at a later stage - or even ignored completely. What’s more, a ground-up approach is essential, starting with the processor and maintained at every level beyond that.
16 | March 2019
Sebastien Pavie Regional Director for Enterprise and Cybersecurity META Gemalto
What is the current state of security for Internet of Things enabled smart devices and what evolution do you foresee? IoT enabled devices like Fitbits, pet trackers and smart TVs add a level of convenience to your life. They do everything from urging you to exercise to placing your grocery order. However, this convenience has clearly come at a cost. These IoT enabled devices which store your personal data and communicate with each other have been notorious for having weak security, and in the past hackers have been taking advantage of that. In the last few years, internet-connected baby monitors have been hacked, smart cars have been compromised, and internet access in different regions globally have been threatened. As
new devices come to market, security researchers have taken up the cause to expose their vulnerabilities and make the world aware of the potential harm of connecting devices without proper security. In 2017, Gartner, Inc. forecasted that there will be over 20 billion connected things by 2020, as wireless networks, computing power and data proliferate. This opens up exciting new business opportunities and a trail for economic growth. But it also opens the door to a variety of new security threats. IoT security is key to gain and retain consumer trust on privacy and to fulfil the full potential of the IoT promise. To achieve this, Gemalto sees three essential pillars to secure the IoT data at rest and in motion: securing the device, securing the cloud, and managing the IoT security lifecycle. As more and more devices are connected, businesses need to embrace security by design - building security into products from the ground up. This approach is imperative to ensure devices are shielded from attacks as much as possible, from the core to the edge, and through their entire lifecycle. Cloud adoption in the Middle East is probably the highest, that opens up a large attack surface as well. What solutions do you suggest businesses to adopt in order to secure their assets in cloud? The move to cloud-based services and virtualised data centers presents unprecedented challenges in terms of safeguarding sensitive assets and identities, and maintaining compliance. As organisations migrate their IT infrastructure to public cloud applications, the need for data-centric solutions that can protect data in the cloud, on a device, at access, and on the network becomes critical. Two years ago, the UAE launched a new smart living strategy in a bid to build the world’s most advanced IoT ecosystem. In a bid towards securing the IoT, the 'Data Wealth' initiative soon followed, protecting the emirate’s data and identity with “Dubai Digital Certificates”. The Dubai Digital Certificates safeguards data wealth and provide greater safety and security, imperative to a seamless IoT experience. There are a number of solutions that can support businesses in keeping data in the cloud safe and secure. For example, Gemalto’s SafeNet Identity and Data Protection solutions providing persistent protection of sensitive data from the edge to the core of a network, with scalable solutions for user authentication, encryption, and key management, on the telco premises or hosted as a service by Gemalto. In addition, solutions like the SafeNet Authentication Service deliver fully automated strong authentication from the cloud, enabling Telcos to deliver secure remote access services for cloud, virtualized, network, and portal environments — without
deploying and managing a costly, complex infrastructure. Increasing incidents of data breach are a cause of worry. What can industries do to neutralize this, especially financial? In 2018, the financial services industry topped the list as the most expensive industries for data breaches, costing companies in Saudi and UAE a whopping $219 million according to an IBM study on security. Companies have to be extremely proactive when it comes to building their IT strategy, and building a strong foundation to combat cyber-attacks. Financial organisations, especially, should adopt a 360-degree approach to security, with every element of the digital network secured. Securing the cloud and implementing IoT Security Lifecycle Management greatly reduces the risk of a breach. Building multi layered security into the framework of
solutions like the SafeNet Authentication Service deliver fully automated strong authentication from the cloud, enabling Telcos to deliver secure remote access services for cloud, virtualized, network, and portal environments
the company is imperative to ensure customers are shielded from attacks as much as possible, from the core to the edge, and through their entire lifecycle. Legislation like GDPR, which can fine companies up to 4% of their global turnover, if they are found to have suffered a breach will start painting a clearer picture of the tangible financial cost of a data breach. However, it is also important to remember that the true cost of a data breach is not just a financial one. The extensive list of tangible and intangible costs includes the erosion of customer trust, which can be the most detrimental factor to an organisation’s success. The focus is to get the right combination of reliable, futureproof, and scalable security solutions, adapted to individual needs. Regular evaluation of connected devices also goes a long way in staying on full alert for breaches. By executing a thorough testing of devices and systems as well as ensuring appropriate security solutions are in place, organisations can substantially reduce the risk of an attack and protect users’ sensitive data. March 2019 | 17
Interview | ESET
Apply Basic Best Practices to Mitigate Cyber Risks
Dimitris Raekos General Manager ESET Middle East
With connectivity required for smart devices, What are some of the entry points and how they can be plugged to protect against threats? Users are embracing smart devices both in their home and business environment so do their security problems. Unfortunately majority of smart devices have certain vulnerabilities or lack proper configuration therefore cyber attackers are always looking to monetize such opportunities. In order to be as generic as possible, it is a very good idea to select devices whose firmware can be upgraded easily. A web research can unveil this process by showing the availability of the updates and hence this is a good indicator for someone to decide on the vendor. Moreover, it is really important to have a manual in a language that is well understood and always change the default passwords to something more complicated. Online businesses especially financial institutions are innovating to offer personalized experience to their customers. What are the challenges they
18 | March 2019
face and how are they addressing these challenges? One of the biggest challenges of an organization that processes financial and personal data is – compliance. Making sure that the client data is safe might be quite complicated especially when they are outsourcing activities to reduce costs, for example, via external call centers or cloud services. Therefore they need to make sure that their suppliers or subcontractors are following the required security measures. Something very important to point out is that complying with regulations doesn’t make an organization 100% secure, however it creates a good corporate framework and culture. In addition, customers are looking to receive the same experience from different channels 24/7 therefore this increases the exposure risk of the organization for cyber-attacks and for compliance as they will need to balance and satisfy both customers and regulatory authorities. With changing demands on the modern networks, how can businesses ensure all-round network security? Nowadays, through dark-web you can find a wide range of ransomware packages offered as a service, just as if it were a legal software. On top of that, various services offer credentials that give access to servers in various parts of the world via remote desktop protocol (RDP). The prices are in the range of US$8-15 per server and you can search by country, by operating system, and even by which payment site users have accessed from that server. If we also add the vulnerabilities of IoT devices that are entering the office space and touching company’s data, we have a very dangerous mix. Businesses can mitigate most of the above cyber security risks by applying
basic best practices, like a recognized Endpoint Security protection that will not remain with the default settings but it will properly configured as per the environment requirements. Employment of 2FA can protect access on local area network and cloud resources of organizations including emails, server logins, CRMs, ERP etc. Backing up the data is always important because whatever measure taken we should be aware that cyber criminals might be one step ahead. Larger organizations are suggested to have more network intelligence by monitoring the traffic of their internal network for potential anomalies and APTs. Despite the suggested measures, all of the above can fall apart by the lack of awareness of a single user therefore it is crucial that employees must follow a cyber awareness training. Please give us a sense of the enterprise security market in the Middle East and how prepared are businesses? During the last couple of years we have observed significant efforts from the government, vendors and managed security providers to increase the awareness in organizations and individuals related to cybersecurity risks. Large enterprises and organizations have already started adopting appropriate strategies. One of the biggest flops of enterprises are the marketing hypes around important technologies that include or are solely based on machine learning, artificial intelligence and blockchain. Therefore, it is very important to understand these technologies; and be aware up to what degree can help them. In a recent ESET study we have seen IT people be confused from the terminology used by different vendors therefore organizations need to seek more clarity from vendors and their claims to avoid unpleasant situations.
News In Detail
Pulse Secure EMEA Partner Summit delivers new channel initiatives
P
ulse Secure, the leading provider of software-defined Secure Access solutions, has completed its largest EMEA partner summit ever at their three-day event in Malta. During this third annual gathering, Pulse Secure shared their newest Zero Trust and SDP solutions taking Secure Access beyond VPN. Pulse Secure also introduced its new Access Now partner program; including new certifications, enhanced partner enablement and partner benefits, all which support a streamlined channel footprint focused on continued growth with committed partners. Supported by pan EMEA distributors Westcon and Arrow, the oversubscribed summit welcomed partners from twentyfive countries to meet the expanded Pulse Secure EMEA team, which in 2019 continues to grow to ensure local Pulse Secure coverage across EMEA. Having enjoyed 12 quarters of double-digit growth, Pulse Secure senior executives including Justin Barney, Chief Revenue Officer; Aaron Moroson, Senior Director Worldwide Channel Sales, and Paul Donovan, Vice President – Sales, EMEA, presented numerous announcements designed to help channel partners tap into the growing demand for secure access. Pulse Secure 2019 EMEA channel summit announcements included: • Realignment of accreditation of the partner community allowing Pulse Secure to focus resources on its most active partners. • New accrued market development funding to help partners deliver localised lead generation and awareness raising activities. • New certification and exam process, including discounted training, to help channel partners gain valuable sales and technical education and to ensure
Alan Finden Channel & Distribution Director EMEA, Pulse Secure
competency for end-clients. • Enhanced partner portal featuring “campaign in a box” materials along with access to sales, technical and promotional offers. • Enhanced Pulse Secure offerings to support demand for Zero Trust architectures including first demonstration of Software Defined Perimeter technology to be launched in April. • Breakout sessions allowing experienced technical and sales staff to “test out” for certification requirements ran on site during the event. The event also included the Pulse Secure EMEA partner awards that recognised channel achievements during 2018. The event also hosted several case studies for successful channel-led projects utilising Pulse Secure technologies including BBC iPlayer, Amazon, Dassault, Unicredit and Daimler. Alan Finden , Channel & Distribution Director EMEA for Pulse Secure said, “Since
we spun out of Juniper Networks in 2015, Pulse Secure has been a 100% channelcentric company and our phenomenal success in becoming a leader in Secure Access has been powered by our partners. Today, our core Secure Access portfolio including VPN, NAC and vADC, enjoys double digit growth and globally we now support over 30,0000 enterprises across the world. “Yet from the very outset, we have been a technology provider that has embraced the notion of Zero Trust. The growing interest in this security architecture along with recent updates to our product line to enable an end-to-end Software Defined Perimeter provides our channel partners with an exciting future. “However, technology is only half the story and the launch of our new channel program and growing local team underscores our commitment to supporting our partners across the region to grow with us during 2019 and beyond,” Alan Finden, concluded. March 2019 | 19
News In Detail
Forcepoint X-Labs Division is World’s First Security Lab for Behavioral-Intelligence Innovations
Raffael Marty Vice President, research and intelligence Forcepoint
F
orcepoint has launched the X-Labs division, the world’s first dedicated research division that combines deep security expertise with behavioral science research. The new X-Labs team will use data insights from the entire Forcepoint product portfolio to drive innovation in modern, riskadaptive security solutions. In the last seven years, more than $1 trillion has been spent on cybersecurity to deliver a 95 percent success rate—for
20 | March 2019
the attackers. Today legacy security products are failing because they are not designed for modern cybersecurity challenges and fail to address the two constants in any organization: people and data. X-Labs will transform and augment cybersecurity solutions built on traditional threat intelligence with patent-pending behavioral intelligence insights into human and machine behavior. Over time, this unique behavioral intelligence corpus will integrate into the new Forcepoint Converged Security Platform to extend automated and risk-adaptive protection across an organization’s entire on-premises and cloud infrastructure. “Forcepoint X-Labs’ mission is to understand digital identities and their related cyber behaviors, particularly as they interact with high-value data and intellectual property,” said Nicolas Fischbach, chief technology officer, Forcepoint. “Forcepoint’s unique approach to cybersecurity delivers insights built on behavioral intelligence. Delivered within a privacy-by-design process, these behavioral insights have never been integrated into security products before.” “We are moving away from reactive yes and no security decisions to dynamically scored risk-based decisions,” said Raffael Marty, vice president of research and intelligence, Forcepoint. “By providing both threat and behavioral intelligence insights, and natively integrating these with our products, we offer true riskadaptive protection which understands people and their behavior. This significantly reduces security friction in an organization and allows business leaders to unleash the power of productivity and innovation for competitive advantage today.” The ATP is designed to natively integrate with Forcepoint’s behavior-based analytics which collect data from sensors across cloud, endpoint, third-party applications, services (including SaaS) and more. The artificial intelligence models within the ATP then contextualize the events and compute a risk score for each entity. Risk scores are calculated by utilizing an expansive behavior catalog comprised of innumerable scenarios, such as a user stealing data or when an individual’s account credentials are compromised.
Toshiba's SMART App for Smart Business Growth
Toshiba has announced the launch of its pathbreaking app—the Toshiba SMART App—to help its channel partners and channel sales force to enhance customer engagement and fuel business growth
T
he Toshiba SMART App is a first-of-its-kind initiative to help channel partners with front-end selling through better engagement with customers and enhanced shopping experience. The app is a storehouse of information with comprehensive product details, short videos, ads, digital banners, and other marketing collaterals (for print and digital use) about Toshiba's various product-lines. In addition, the app has a collection of latest corporate and product marketing tools that channel partners can access whenever they need them. These smart Sales Aid tools in the SMART App help all salespersons—who sell or recommend Toshiba's range of products to end customers, dealers, or corporate customers—to convert leads into sales and fuel business growth. One of the biggest advantages of this innovative step from Toshiba is that the app successfully addresses the biggest pain-point of locating appropriate product information. Currently, salespersons waste a lot of effort and time in browsing through catalogues, booklets, and other sources to locate the information they need. The Toshiba SMART App is a perfect resolution to this problem, as it eliminates the need to search disparate sources and saves enormous amounts of time and effort for the salespersons. An intuitive user interface and easy to navigate menu make it extremely simple to find the relevant information in a matter of just a few finger-taps. All the information is packed in easy-to-consume, byte size packages, which not only minimizes the effort but also makes it convenient for salespersons to keep themselves abreast of the latest buzz about all the B2C and B2B products, including
Memory, HDD, Surveillance, or Enterprise products. Complete with the latest information, product specs, infographics, and fact sheets, the SMART App acts as a onestop-shop for all product, sales and marketing information for channel partners, sales staff of the SIs, and other floor sales staff selling Toshiba's range of B2C or B2B products. What's more, with easy-to-use data sheets and/or infographics content for every product, including surveillance and enterprise solutions, this path-breaking app acts as a ready reckoner for salespersons even when they are on the go. The SMART app is a repository of all the latest marketing collaterals such as product videos, branding videos, and all product-related artworks, making it easier to locate and use these marketing materials instantly. Since the app is always up-to-date with the latest product information, salespersons can confidently communicate with the customers and assist them in making more informed and confident buying decisions. This enhances customer experience and delivers greater engagement, while enabling salespersons to increase their sales. The Toshiba SMART App is available on Google Play as “Toshiba Sales and Marketing Resource Tool (SMART)” and can be downloaded on any Android phone. The app is extremely light (at less than 3MB), secure, and quite easy to setup and navigate. All it takes to begin using the SMART App is to provide an email ID where the confirmation link is sent for registration. It is pertinent to check the Terms & Conditions. statement before registering. March 2019 | 21
Insight | Gemalto
Identify3D deploys Gemalto solution to Protect Customers’ IP and Manufacturing data
As our customers seek to expand their capabilities, we needed a solution that would enable them to grow comfortably, without compromising our security-first principles,” said cofounder and Chief Strategy Officer Stephan Thomas.
G
emalto has announced that Identify3D has deployed its SafeNet Data Protection On Demand to protect its customers’ intellectual property and quality of their digital manufacturing services in the cloud. Identify3D selected SafeNet Data Protection on Demand due to its ability to provide a wide range of cloud-based hardware security module (HSM), encryption, and key management services that easily integrate with the existing applications and cloud services. The company can now offer secure digital manufacturing services while enjoying the flexibility and scalability of a managed cloud-based security service with zero upfront investment. “For many companies operating in our space, security is only bolted on when customers ask for it. That’s not the way we do things; for us security, specifically data protection, must be a part of the process from day one. As our customers seek to expand their capabilities, we needed a solution that would
22 | March 2019
Todd Moore Senior Vice President, Data Protection Gemalto
enable them to grow comfortably, without compromising our security-first principles,” said co-founder and Chief Strategy Officer Stephan Thomas. “Many cloud service providers want to lock you in and make you buy more services when you need to expand. Gemalto’s business model matched our requirements and the process was simple,” said Doug Peterson, Identify3D senior field application engineer. Todd Moore, senior vice president, Data Protection at Gemalto said, “It’s refreshing to see another company that employs a security-first approach. For too long businesses have maintained a ‘buy now add security later’ mentality for their customers, putting too many end-users at risk. With SafeNet Data Protection on Demand, Identify3D is able to efficiently provide a secure digital manufacturing service that meets the quality of service and data protection requirements of their customers.”
Insight | Sophos
Cybercriminals Most Likely to be Caught on Servers and Networks: Sophos Survey
S
ophos has announced the findings of its global survey, '7 Uncomfortable Truths of
Endpoint Security', which reveals that IT managers are more likely to catch cybercriminals on their organization’s servers and networks than anywhere else. In fact, IT managers discovered 37% of their most significant cyberattacks on their organization’s servers and 37% on its networks. Only 17% were discovered on endpoints and 10% were found on mobile devices. “Servers store financial, employee, proprietary, and other sensitive data, and with stricter laws like GDPR that require organizations to report data breaches, server security stakes are at an all-time high. It makes sense that
Chester Wisniewski Principal Research Scientist Sophos
IT managers are focused on protecting business-critical servers and stopping attackers from getting on the network in the first place and this leads to more cybercriminal detections in these
environment before it was detected,
two areas,” said Chester Wisniewski,
according to the survey. To improve
principal research scientist, Sophos.
this lack of visibility, IT managers need
“However, IT managers can’t ignore
endpoint detection and response (EDR)
endpoints because most cyberattacks
technology that exposes threat starting
start there, yet a higher than expected
points and the digital footprints of
amount of IT managers still can’t
attackers through a network.
identify how threats are getting into the system and when.” Twenty percent of IT managers who
IT managers ranked identification of suspicious events (27%), alert management (18%) and prioritization
were victim to one or more cyberattacks
of suspicious events (13%) as the top
last year can’t pinpoint how the
three features they need from EDR
attackers gained entry, and 17% don’t
solutions to reduce the time taken to
know how long the threat was in the
identify and respond to security alerts.
Servers store financial, employee, proprietary, and other sensitive data, and with stricter laws like GDPR that require organizations to report data breaches March 2019 | 23
TechKnow | Dimension Data
Dimension Data Introduces Nextgeneration Managed Services
D
imension Data has announced the launch of its nextgeneration global managed services to help clients simplify the management and operation of their technology. Dimension Data’s Managed Services Platform offers near realtime insight and reporting, managing over 9,000 IP networks and supporting over 13 million users across the globe. Meeting increasing client demands, the platform liberates IT and operations teams to focus on more strategic, value-add tasks such as improving the customer experience, maximising cost efficiencies, and exploring emerging technologies. As Christian Saldias, IT Manager at ALMA, a Dimension Data Managed Services customer, explains: “We chose Dimension Data because our main core business is not IT, it’s scientific data production. We are a small IT team and we need support from a company that has all the expertise that we don’t have. Dimension Data provides us with all the expertise we don’t have – and we don’t need to have.” The benefits of Dimension Data’s managed services offering include • Automation – Comprehensive analytics, service delivery, and process development – along with proactive, near real-time performance visibility and control. Bill Padfield Group COO, Transformation and Services Dimension Data
•
Agility and scalability – An ability to scale in rapid business growth environments with minimized risk of downtime, and end-to-end management across multi-vendor and multi- technology infrastructures.
• Client experience – Dedicated client success managers to help adoption and fast response resolution.
“Our global managed services and delivery platform has re-engineered the end-to-end client journey, radically simplifying IT operations management and eliminating the pressure of day-today operations, while also allowing clients to take advantage of Dimension Data’s relationship with other NTT companies and best-of-breed solution providers.”
24 | March 2019
• Cross-technology expertise: Deep expertise across multiple technology areas including networking, collaboration, security, customer experience and enterprise applications. Bill Padfield, Group COO of Transformation and Services at Dimension Data, commented: “Our global managed services and delivery platform has re-engineered the end-to-end client journey, radically simplifying IT operations management and eliminating the pressure of day-to-day operations, while also allowing clients to take advantage of Dimension Data’s relationship with other NTT companies and best-of-breed solution providers.”
EyeTech
A10 Networks Delivers Industry-Leading 500 Gbps Thunder DDoS Defense System Overview: The Thunder Threat Protection system (TPS) gives service providers the highest performance DDoS defense in compact, reliable form factor. As service providers look to expand their service offerings, the Thunder TPS solution enables them to build profitable DDoS mitigation services that protect their own networks, as well as their subscribers. With 500 Gbps mitigation capacity per Thunder TPS device, A10 Networks continues to drive innovation in the fastgrowing DDoS market, leaving legacy suppliers behind. Thunder TPS solution is core to A10 Networks’ DDoS defense strategy delivering. Key Features: •
One-DDoS Protection – The industry’s only connected intelligence system that provides full-spectrum multi-vector DDoS defense with distributed detection and machine learning capabilities within targeted infrastructure, including Thunder TPS, ADC, CGN, and CFW.
•
Predictive, Automated Cyber Defense – Intelligent Automation, granular protection capabilities and zero-touch operation accelerate responses to ensure optimal, efficient protection.
•
Actionable DDoS Weapons Intelligence - Incorporates global intelligence from A10 Networks DDoS weapons research for improved security posture and real-time insights into emerging threats.
•
Industry-leading Performance – The highest performance in a small form factor enables fast detection and mitigation while lowering costs, reducing complexity, and increasing reliability in the field.
26 | March 2019
Alaris S2040 Scanner Overview: The Alaris S2040 scanner is an award winning scanner that lets users capture information anywhere, with superior image quality and data accuracy. Its the perfect solution when you need to get information into your business processes quickly. Alaris S2040 Scanner received Keypoint Intelligence – Buyers Lab (BLI) Winter 2019 Pick award for Outstanding Departmental Scanner. According to Lee Davis, Keypoint Intelligence’s Editor of Scanner/Software Evaluation, “The device wraps exceptional media handling capabilities and a robust software package into an easy user experience to help busy departments optimize their business processes where digital solutions and paper intersect.” Davis also noted that the Alaris S2040 delivers an array of intelligent, automated features that can simplify and accelerate business processes that involve scanning. “The device offers exceptional media handling capabilities that prevent data loss while keeping information flowing seamlessly,” he commented. Key Features: • Designed to help businesses capture information with superior image quality and accuracy, the Alaris S2040 Scanner’s Embedded Image Processing is fast and effective, capable of processing 40 pages-per- minute/80 images-per-minute without depending on a PC. • This model features an 80-sheet automatic document feeder (ADF) and supports the Alaris Passport Accessory and the Integrated A4/Legal Size Flatbed Accessory, offering users more flexibility to scan a variety of document types. • The S2040 Scanner is bundled with Alaris Smart Touch functionality which streamlines the scanning processes and provides users with one-touch simplicity. • Perfect Page technology provides state-of-the-art capabilities for image enhancement, ensuring clean, crisp, images even for very challenging documents and mixed document batches.
UPTO
10TB CAPACITY
SUPPORTS UPTO
64
CAMERAS
247
OPERATION
READY FOR
NVR, DVR HYBRID DVR & RAID STORAGE
180 TB/YEAR WORKLOAD
UPTO
256MB BUFFER SIZE
ROTATION VIBRATION
RV SENSOR