Synergising the Mind & Technology Economy The biggest tech show in the Middle East, North Africa & South Asia
#GITEX2019
gitex.com
#gitexfuturestars
futurestarsSales@dwtc.com
News In Detail
Change is Inevitable As the Middle east region leap frogs towards a digital-first economy, organizations are leveraging the latest technologies to offer innovative solutions and services to their customers. UAE is home to many technology-driven projects including smart cities projects and is rapidly adopting business models that are disrupting the economic landscape. However, the same technology that is powering the growth of digital businesses in the UAE is also posing grave security challenges. We are aware that cyber threats are real and here to stay. What we must also accept is that these threats are becoming increasingly complex with cyber criminals easily able to access sophisticated tools and techniques. Therefore, digital businesses in the region are training greater focus and increasing investments on bolstering their security postures. For instance, organizations in the Middle East, Turkey, and Africa are likely to invest in excess of $2.7 billion on cyber security solutions this year. Apparently, businesses also realize that increasing the spends on cyber security solutions alone will not guarantee total security. They must leverage the latest technologies to step up their defenses against a tough opponent. As the saying goes "It takes years to build a reputation and one cyber-incident to ruin it" . In this issue we have covered solutions offered by vairous brands in best tackling cybersecurity concerns. In GITEX 2019 we anticipate solutions to play a big part and its been our focus to introduce DIY products to the volume channel and through our initiative we are promoting the channel adoption towards system integration as part of their offerings. We are working closely with vendors and distributors in this realignment and anticipate positive results. Day one of GITEX 2019 will witness our 13th Editon of ICT Champion Awards where the best in the industry will gather and decorate the champions of ICT Industry. Do stay tuned.
Managing Editor: Vivek Sharma
ontents
Dear Readers
Vivek Sharma Managing Editor
A10 Networks Brings Advanced
Zero-day Automated Protection (ZAP) to DDoS Defense - 4
Emerson Acquires Spence and
Nicholson Steam Technology Product Lines from Circor - 5
Citrix Delivers Expanded Network Protection through SD-WAN Solution with Palo Alto Networks - 6
Kaspersky Helps Eliminate Critical
Vulnerabilities in Smart Home Controller - 9 Desktop as a Service (DaaS) - Transforming the Digital Workspace - 10
SPECTRAMI Announces Eight-city Predictive Cyber Defense Roadshow 2019 - 12
Veeam to Drive Middle East Businesses to Adopt Cloud Data Management at GITEX 2019 - 13
Kaspersky Security for Microsoft Office 365 Now Protects OneDrive - 14
Mimecast Makes Migrating from Symantec’s Email Security.cloud Fast and Easy - 15 Epson announces its first 24-inch dye sublimation printer - 16
UAE's Research Scientist Reveals the
Mystery of Universe Evolution Process - 18
Published by: JNS Media International MFZE
Content Lead & Business Development-
P.O Box 121075, Dubai UAE, Tel: +971-4-3705022 Fax: +971-4-3706639, website: www.VARonline.com Sales Inquiries: sales@var-mea.com All other Inquiries: info@var-mea.com | Editorial: editor@var-mea.com
Christopher David
Disclaimer: While the publishers have made every attempt possible to get accurate information on published content in this handbook they cannot be held liable for any errors herein.
Art Director: Faiz Ahmed Commercial Director - Mallika Rego
News In Detail
A10 Networks Brings Advanced Zero-day Automated Protection (ZAP) to DDoS Defense
A
10 Networks has added Zero-day Automated Protection (ZAP) capabilities to its leading Thunder Threat Protection System (TPS) family of Distributed Denial of Service (DDoS) defense solutions. The ZAP capabilities automatically recognize the characteristics of DDoS attacks and apply mitigation filters without advanced
configuration or manual intervention to speed-up the response to sophisticated multi-vector attacks, minimize downtime and errors, and reduce operating costs. With millions of IoT devices predicted to be in use over the coming years, driven by the transition to 5G networks, traditional DDoS solutions will become inadequate. The solutions available currently are static, reactive and require significant operator intervention, resulting in a slow response time to the rapidly evolving attack landscape. As a result, DDoS detection and mitigation is a growing concern for enterprises, cloud providers and service providers, alike. “The economics of DDoS mitigation and attacks are slanted towards the attackers, so we will need more efficient tools and advanced technologies to balance the equation to make DDoS defense more effective and economical,” said Chris Rodriguez, research manager, cybersecurity products.“A10 Networks is advancing the
economics of DDoS security by leveraging machine learning and advanced heuristics to create that balance.” DDoS Protection Powered by Machine Learning A10 Networks’ ZAP comprises two components: dynamic attack pattern recognition by a machine learning algorithm and heuristic behavior analysis recognition to dynamically identify anomalous behavior and block attacking agents. ZAP works in conjunction with A10 Networks’ adaptive DDoS security model and its five-level adaptive policy mitigation engines to provide a complete in-depth defense system. “In today’s climate with the dramatic increase in polymorphic multi-vector attacks and the chronic shortage of qualified security professionals, enterprises and service providers need intelligently automated defenses that can accomplish tasks autonomously,” said Lee Chen, CEO of A10 Networks.
Al Ansari Exchange Warns Against Fraudulent Calls or Scam Messages
A
l Ansari Exchange, a UAE-based foreign exchange and worldwide money transfer company, has warned its customers against fraudulent social media messages, text messages, and phone calls claiming that they have won major cash prizes in any of the company’s promotions. It strongly urged its customers to ignore the scammers, adding that the company only communicates with the winners through its official phone numbers to inform them of their prizes. The company also maintained that it would never ask its customers to disclose their personal data such as personal identification number or bank account details or instruct them to pay any fee to receive the prize. When in doubt, customers can check the
4 | September 2019
list of winners by visiting the nearest Al Ansari Exchange branch, calling customer service at 600546000, or checking www.alansariexchange.com and its official social network channels. Mohammad Bitar, Deputy General Manager, Al Ansari Exchange said: “We are fully committed to combating fraudulent activities done via messages or phone calls by implementing public awareness drives to inform and educate our customers about how to effectively handle such situations. We urge them not to respond to these scams and report them immediately to the proper authorities.” Al Ansari Exchange issued the warning after a number of people reportedly received scam messages or fraudulent calls. The impostors
would promise them large cash prizes and ask for their personal and bank account information, which were then used to steal their money. The scammers would also ask their victims not to inform anyone about the details of their winning on the pretext of maintaining confidentiality and privacy. Others would also ask their targets to send money to a certain address before they could claim the cash prize. In the UAE, various organizations have intensified their awarenessraising campaigns to educate and inform the public about proper privacy practices and protection of their personal and financial data.
BT to Deliver Cyber Security Services for Icare
Emerson Acquires Spence and Nicholson Steam Technology Product Lines from Circor
B
ritish Telecommunications (BT) has signed a contract to deploy a cloud-based SIEM service for icare, a regional provider of insurance and care services to the businesses, people and communities of New South Wales, Australia. By selecting BT, icare will be able to protect its customer data using superior cyber security capabilities and enable secure business operations. The solution is scalable and flexible that will help minimize icare’s risk exposure as business requirements change and security threats evolve. BT’s CloudSIEM service combines an Amazon Web Services-based enterprise SIEM platform with integrated threat monitoring, investigation, response and intelligence services. BT will deliver a 24x7 managed service and work collaboratively with icare to effectively complement its internal cyber security operations team. The service will be primarily delivered from BT’s Australian Security Operation Centre (SOC). Frances Bouzo, chief informaton security officer, icare, said: “The cyber security services BT is providing will help support the strategic transformation of our security infrastructure. The increased visibility, responsiveness and alignment with our internal security operations team provided by BT will enable us to proactively detect and counter security threats, and ultimately protect the critical data that our customers entrust us with. We’re delighted to be working with a company that provides all the benefits of a global presence across the security ecosystem, coupled with strong links and investments into the New South Wales region.” James Hennah, BT’s director of security for Asia, Middle East and Africa, said: “Supporting customers in 180 countries, including some of the world’s largest financial service providers, we have a unique insight into cybercrime. We know that an attack can happen anytime, and our CloudSIEM solution will help icare contextualize every relevant event with external intelligence.
James Hennah Security Director, Aisa, MEA BT's
Ram Krishnan Group President Emerson
E
merson, a global engineering and technology company, has announced it has acquired the Spence and Nicholson product lines from Circor International. The acquisition complements Emerson’s broad portfolio of steam system solutions for process industries and commercial buildings. The Spence and Nicholson lines are established industry-leading products that include steam regulators, control valves, safety relief valves, temperature regulators, steam traps and other steam accessories and solutions. “This addition to our Final Control business demonstrates the continued value of bolt-on acquisitions that fill strategic gaps in our portfolio and diversify our product offerings in growth markets,” said Lal Karsanbhai, executive president of Emerson’s Automation Solutions business. “By adding Circor’s premium steam technologies and profitable product lines, we will strengthen our position to help customers optimize their operations and enhance energy efficiencies.” “Spence and Nicholson’s capabilities will play an important role in bolstering our process offerings and expanding our opportunities with customers,” said Ram Krishnan, group president of Emerson’s Final Control business. “Enhancing these capabilities will strengthen our ability to serve customers, including automation customers, as well as hospitals, universities, commercial operations and the transportation industry, with a diverse portfolio of product offerings in the growing steam segment.” September 2019 | 5
News In Detail
Citrix Delivers Expanded Network Protection through SD-WAN Solution with Palo Alto Networks Chalan Aras Vice President, SD-WAN & Intelligent Traffic Management, Citrix
B
usiness today is more global and collaborative than ever. People work anywhere, anytime on any number of devices. And they access and share information and ideas across systems and borders. This promises new levels of productivity and innovation that can transform entire industries – and even create new ones. But it also introduces new risks via an expanded attack surface that companies must vigilantly guard against. And Citrix Systems, Inc. (NASDAQ: CTXS) is expanding its network protection capabilities to help them do this. The company today announced that it is collaborating with global cybersecurity leader Palo Alto Networks to enable easy deployment and management of next-generation firewalls within Citrix® SD-WAN, providing companies with added layers of security to protect their assets at branches and beyond. “Applications and workloads are migrating to the cloud at a very aggressive rate and security needs to follow them,” said Chalan Aras, Vice President, SD-WAN
6 | September 2019
Company simplifies deployment of next-generation firewalls within SD-WAN solution, enabling multi-layer security across branches and workspaces
and Intelligent Traffic Management, Citrix. “With Palo Alto Networks, we can deliver an advanced SD-WAN security solution that enables companies to protect users, data and applications across branches, data centers and public clouds in a simple, flexible way.”
WAN Edge Networking Simplified Citrix SD-WAN is a next-generation WAN Edge solution that delivers the automated, secure connectivity required to optimize performance of applications and drive a superior user experience. With the integration of the Palo Alto Networks VM-Series virtual next-generation firewalls and Prisma Access with the Citrix SDWAN solution, distributed enterprises can enhance their network and cloud protection in a straightforward, costeffective manner.
Security Amplified Leveraging Citrix SD-WAN Orchestrator for unified management and control, IT
organizations can: • Build and enforce consistent access control policies based on applications and users across network and cloud • Automate provisioning of Palo Alto Networks VM-Series next-generation firewall (NGFW) on the Citrix 1100 appliance, as a virtual network function (VNF) • Automate connections to Palo Alto Networks Prisma Access cloud-based firewalls for consistent policy enforcement • Streamline provisioning of multi-layer security services from Citrix SD-WAN Orchestrator, available via Citrix Cloud • Apply security zone segmentation to protect users, applications, and data “In today’s hybrid, multi-cloud world, security needs to be as agile as your applications, data and users,” said Adam Geller, senior vice president, Products, Palo Alto Networks. “Together with Citrix, we can deliver an integrated set of products that provide a consistent level of protection to users across the network and both public and private clouds.”
ETRI Researchers' Session at IFA
E
lectronic and Telecommunications Research Institute (ETRI) researchers
presented the latest Artificial Intelligence (AI) technologies at the Internationale Funkausstellung (IFA), the world's largest trade fair for consumer electronics, held in Berlin, Germany from Sept. 6 to 11, 2019. The researchers showcased four technologies: a smart factory operation control system; Internet of media technology; a deep learning high-speed processing system; and AI motion analysis technology. In addition, Dr. Kim Hyun of the Smart Information and Communications Technology (ICT) Convergence Research Department presented a keynote presentation titled "ICT-enabled smart factory" at the IFA NEXT Innovation Engine.
AI motion analysis mechanism
Smart factory operation control system
researchers had developed a webhard
AI motion analysis technology recognizes
ETRI's smart factory operation control
illegal contents elimination system using
user's actions and behavior. Beside
system can manage personalized
this technology, which can be used to
analyzing dynamic and complex
manufacturing that uses 3D printers or
create reliable media services by blocking
movements such as K-POP dances, it
robots. In particular, it can reconfigure the
harmful information.
can also be used for effective posture
Earlier in July this year, ETRI
manufacturing line using modular design.
correction by comparing an expert's
It can also manage the smart factory in
Deep learning acceleration system
posture and learner's posture, and
real time or analyze the operational data
The Deep Learning Acceleration System
providing an evaluation result. Motion-
using Internet of Things (IoT) sensors.
is a distributed computing platform
based educational contents, sports posture
technology, which enables computer
analysis and correction systems, and
Internet of media technology
clusters to learn a large, deep learning
medical rehabilitation clinic service can be
Internet of media technology uses AI to
model at high speed. This technology can
created using this technology.
verify whether media, such as videos,
reduce the deep learning training time
photos and text, are safe and genuine.
by up to four times without changing the
carried out technology commercialization
AI is applied to collect information from
existing models. Companies with data
and overseas marketing by releasing AI
various media contents to analyze the
centers can develop a high-speed deep
research achievements implemented by
authenticity of the data.
learning system using this technology.
ETRI," said ETRI President
"By participating in IFA 2019, we
September 2019  |  7
News In Detail
AVEVA Launches First-in-Market Integrated Engineering Procurement and Construction Software Solutions to Improve Return on Capital Projects
A
VEVA, a global leader in engineering and industrial software, today announced the introduction of integrated engineering software designed to help customers transform the way capital projects are engineered, executed and integrated into operations and maintenance. The integrated portfolio comprises three software solutions. AVEVA Unified Engineering seamlessly integrates process design with front-end engineering and detailed 3D based design. AVEVA Unified Project Execution links and streamlines procurement and construction processes for capital projects. AVEVA Enterprise Learning enables the rapid skilling of operators and engineers using Extended Reality (XR) and simulation tools, to ensure efficient startups and shutdowns, normal operations, and the ability to handle abnormal situations “This launch builds on the recent news describing AVEVA’s capabilities as the first company in the engineering and industrial software market to comprehensively address the end-to-end digital transformation imperatives with an integrated portfolio of solutions that deliver efficiency, unlock value and empower people across the lifecycle of capital assets and operational value chains,” commented Craig Hayman, CEO, AVEVA. “It changes the way that owner operators engage with Engineering, Procurement and Construction (EPC) companies in designing, building, commissioning, and operating their capital assets.” The functionality provided in these integrated solutions enables the realization of an EPC 4.0 strategy for owner operators, central to digital transformation in the capital-intensive process sectors. This allows collaboration on a global scale, through hybrid cloud architectures and on a common platform. The entire manufacturing process can be traced, tracked, and linked - from engineering and design, through procurement and construction, to handover and to operations and maintenance, as a comprehensive Digital Twin for the capital asset. “As competition in the business world accelerates the time has come for industrial organization to innovate to facilitate the transition from the manual, document-centric processes, towards a data-driven vision of project design, procurement, and execution in order to increase safety, reduce costs, and minimize delays, “
8 | September 2019
commented Craig Hayman, CEO AVEVA. “With the launch of AVEVA Unified Engineering, a first of its kind solution, we are breaking down the silos between engineering disciplines and enabling our customers to turn conceptual designs into 3D models quickly, accelerating engineering to estimation and ensuring designs can be operated before committing billions of dollars.”
Transforming Capital Projects to Deliver Safely on Time and Budget New AVEVA Unified Engineering enables the integration of the process model and plant model lifecycles from concept to detailed design, delivering frictionless collaboration for multi-discipline engineers to collaborate in the cloud. The net result is a minimum 50% improvement in engineering efficiency in FEED and up to 30% in detail design, which can yield a 3% total installed cost improvement. These savings can be re-invested to ensure engineering quality, accuracy, and maturity for downstream project execution business processes. AVEVA Unified Project Execution solutions integrate with AVEVA Unified Engineering to further break down the silos within Procurement and Construction by combining key disciplines covering Contract Risk Management, Materials and Supply Chain Control, and Construction Management into one cloud based digital project execution environment. AVEVA Unified Project Execution solutions deliver up to 15% reduction in material costs, 10% reduction in field labor costs and reduces unbudgeted supplier change orders by up to 50%, which translates to 10% total installed costs savings opportunities for our customers. “Our Engineering portfolio enhancements will deliver increased agility for our customers, enabling them to reduce cost, risk, and delays, minimizing errors and driving rapid capital project execution. The cost savings are realized by mitigating capital investment risks at the process design stage, cutting engineering man-hours by up to 30% in plant design, reducing material costs in procurement by up to 15% as well as reducing field labor costs in construction by up to 10%,” commented Amish Sabharwal, SVP, Engineering Business, AVEVA. “With these new solutions AVEVA is providing integration across all
Kaspersky Helps Eliminate Critical Vulnerabilities in Smart Home Controller
K
aspersky researchers investigating the control device for an active smart home ecosystem have identified several critical vulnerabilities, including bugs in the cloud infrastructure and potential remote code execution that would allow a third party to get ‘super user’ access to the controller and manipulate the smart home infrastructure. The findings were shared with the vendor, Fibaro, which immediately addressed them, and updated security protocols. As the IoT (Internet of Things) landscape continues to expand and evolve, the importance of such research remains: with new products and solutions, new threat dimensions emerge, jeopardizing users’ safety. One Kaspersky employee challenged the company’s researchers to examine the smart system deployed in his house. He granted the researchers access to the controller for his smart home as it connects and supervises overall operations throughout the smart home, and a successful compromise would allow a cyber attacker to intrude into the entire home ecosystem for anything from espionage and theft to physical sabotage. The initial, intelligence-gathering stage of research led the experts to several potential attack vectors: via the Z-Wave wireless communications protocol widely used for home automation; via the web interface of the administration panel; and via the cloud infrastructure. To complete the experiment, Kaspersky experts prepared a specific backup with a separately developed script, protected with a password. They then sent an email and SMS to the device’s owner via the cloud, urging him to update the controller’s firmware. As requested, the ‘victim’ agreed and downloaded the infected backup. This enabled the researchers to obtain super user rights to the smart home controller, allowing them to manipulate the connected ecosystem. To demonstrate
Pavel Cheremushkin Security Researcher Kaspersky ICS CERT
their successful intrusion into the system, the researchers changed the tune on the alarm clock – the next day, the Kaspersky employee woke up to some loud drum & bass music. “One of the main tasks of the device we studied is the integration of all "smart things" so that the owner of the
house can manage them from a single home center. An important detail is that our assessment targeted an actively deployed system – previously, most of the research was conducted in lab conditions. The research has shown that despite a growing awareness of IoT security, there are still issues to be addressed. Even more important, the devices we studied are mass-produced and deployed in functioning smart home networks,” said Pavel Cheremushkin, security researcher at Kaspersky ICS CERT. “IoT infrastructure requires a complicated system working fluently on many layers. It involves lots of implementation and architectural work. We appreciate Kaspersky’s research and effort. It helped us work on the security of our products and services. Together we eliminated potential vulnerabilities. We highly recommend installing updates to FIBARO users, and always checking if the e-mails are consistent with FIBARO website announcements. The updates increase functionality of the system as well as make it harder for hackers to steal. September 2019 | 9
News In Detail
Desktop as a Service (DaaS) Transforming the Digital Workspace By: Paulo Pereira, Director, Systems Engineering - Emerging Markets and Eastern Europe at Nutanix
C
ompanies of all sizes are turning to desktop as a service (DaaS) solutions to satisfy their digital workspace needs. Traditional desktops and laptops are costly and difficult to manage, and they pose significant security challenges. Virtual desktop infrastructure (VDI) replaces traditional systems with virtual ones powered from your datacenter. Many enterprises have successful VDI deployments, but are looking for options that extend their organization into cloud and reduce management overhead. DaaS overcomes the challenges of traditional desktop and laptop systems and can serve as a platform to deliver VDI from clouds. For companies undergoing digital transformation, DaaS is a great way to empower both your end users and your IT teams. End users benefit because they have greater flexibility to work from anywhere, on any device, and collaborate more easily with co-workers, partners, and suppliers.
datacenter or the cloud where it is more secure. • If a physical device fails, the user can simply switch to a different device and pick up where they left off.
Top Ten Reasons to Choose DaaS
DaaS is an important part of your digital transformation strategy, significantly reducing the IT effort required to support end users and freeing your team to focus on business outcomes rather than IT outcomes. DaaS makes it possible to continuously integrate and continuously deliver emerging technologies. DaaS also allows you to quickly support projects that require a fast ramp up, without exposing your company’s network and intellectual property. In many industries, mergers and acquisitions are a fact of life. DaaS can help you accelerate onboarding of new employees during acquisitions and grant them immediate access to company applications, data, and services.
Reason 1: Eliminate Desktop and Laptop Challenges Managing and supporting a large number of desktop and laptop workstations with locally installed software is a challenge for companies of all sizes. Employees come and go regularly, and appropriate devices have to be supplied and retrieved. Keeping close tabs on desktops and laptops, often across numerous physical locations, is difficult, time consuming, and expensive. An even bigger concern for most companies is security risks created by physical computing devices with data stored locally. DaaS addresses these challenges by moving all the heavy lifting into an enterprise or cloud datacentre: • User applications no longer need to be installed or run locally on each device. • Company data remains in your
10 | September 2019
Reason 2: Remove the Expertise Barrier For many companies, running VDI in-house is subject to operational, performance, and scaling constraints due to a lack of expertise and experience. Smart companies increasingly view DaaS as an elastic complement to existing VDI deployments or an opportunity for continued growth in VDI in hybrid cloud. DaaS reduces or eliminates VDI management challenges, enabling IT teams to focus on delivering services to businesses and end-users — and satisfying digital transformation goals.
Reason 3: Focus on Strategy Not Tactics
Reason 4: Overcome Geographic Limitations DaaS offers a great solution to address digital workspace needs across disparate geographies. With the right DaaS solution, employees can work from almost anywhere
that has an internet connection and receive good performance. If users in different locations need to collaborate electronically, DaaS solutions can facilitate collaboration.
Reason 5: Enable BringYourOwn-Device Adopting a BYOD policy, as many companies are doing, makes device management even more intractable. With DaaS, your company’s important applications run in your provider’s infrastructure services, safely isolated from other activity on user devices. Users gain access to applications and data only after proper authentication. And because no data is stored locally on the device, there’s no risk of compromise if the device is lost.
Reason 6: Soar into the Cloud DaaS provides an platform for Enterprises to understand and consume cloud services without having to learn new technology terminologies. DaaS also accelerates the
cloud learning maturity in an organization because they can focus on application service integration and delivery without worrying about tech debt and tech inertia.
Hacking my airplane – BlackHat edition
Reason 7: Pay Only What You Use The ability to pay as you go—and pay only for what you use—is a hallmark of IT success in the digital age. DaaS simplifies your operations, reduces your per user costs, and makes perfect sense for organizations in the midst of digital transformation. DaaS reinforces a subscription based consumption model that meters on actual usage.
Reason 8: Simplify Scaling The worst thing that can happen to new employees is to have them sit idle waiting for the computing resources they need to do their jobs. But planning for resource needs and scaling infrastructure—whether physical systems or VDI—to keep up with the needs of a dynamic enterprise is hard. DaaS provides immediate scalability to simplify the planning process and address unforeseen needs. You can provision new desktops as needed and release them just as quickly.
Reason 9: Maintain Full Control A common concern that many enterprises have when it comes to DaaS is loss of control, but DaaS and BYOD don’t necessarily mean that you lose control over your environment. In fact, you may even increase control. DaaS gives you both greater visibility and increased cost control. Depending on your DaaS provider, you can quickly and easily grant (or remove) access to applications and data at a granular level. You can control access to data and prevent employees from making local data copies or writing data to insecure devices. Employees can also access specialized resources like GPUs on an as-needed basis.
Reason 10: Step Up Security DaaS eliminates the risks that result from sensitive data stored on user devices. Data remains secure in a datacenter, subject to your full control and established governance. DaaS providers take security seriously and offer a variety of advanced authentication and other security capabilities.
Cameron Camp Security Researcher ESET
A
fter welcoming hacking research, automobile technology started to get better at defending against hacks. So why has the airline industry not been as welcoming? By Cameron Camp, security researcher at ESET I’m building a homebuilt experimental airplane. Yes, I plan to fly in it. Don’t be afraid, lots of others are too, and this segment of inventors could easily prove a valuable anti-hacking component for big jet and small plane industries alike. The airline industry is paralyzed with fear of bad press, especially of getting hacked. With more new planes getting wired (and wireless) systems, there will continue to be more networks flying around in the air by your seat in the cabin. Not all networks control critical things; many are involved in doing quite simple things like changing the color of the lights in the cabin. So what’s the risk to flight control systems? That’s exactly what the automotive industry figured ten years ago: What could possibly go wrong with vehicle control if an “entirely different”, seemingly unrelated system got hacked?
Until it did. Here at BlackHat a while back we got to see videos of vehicles swerving out of control following a hack. Thankfully, the automotive industry came to terms with the hacking reality, and (some) even sponsored hacking opportunities like the automotive hacking village here at DefCon later in the week. It was a very positive turn of events. By engaging the hacker culture in a more open way, automobile technology started to get better at defending against hacks, which helps to keep us all safe. The airline industry has not been as welcoming. While it’s not as plausible to park a jet in a suite at DefCon, seemingly few strides have been made to warmly welcome hacking research. It’s not implausible to make some systems available that are currently used in aircraft, but there seems to be cultural inertia that has only warmed slightly to the thought. So now we have a briefing here at BlackHat about messing with the in-flight guidance systems on small planes. These kinds of systems are often used in planes like mine. But unlike typical manufacture disclosure processes, which can be, um, unfulfilling and unwelcoming, those who work on their own planes, for which they are considered the manufacturer, are prime candidates to engage to help work things out. After all, we don’t really have large PR inertial problems, we just want to fix the problem. Our stock won’t tank. We can publish findings to enthusiast lists and groups in the U.S. like the Experimental Aircraft Association (EAA) where people share ideas rather quickly, and thereby become a sort of ad hoc beta test group. Can it work? Absolutely. About 40 years ago, the homebuilt/experimental groups started hacking planes for performance. Nowadays, a homebuilt aircraft might be constructed of carbon fiber laminate flow wings with Fowler slotted flaps for low-speed handling in a high-speed aircraft that will absolutely destroy the performance of the heavily regulated light planes the aircraft industry still produces, which are still largely based on 70‑year‑old technology still today. At half the price. September 2019 | 11
News In Detail
SPECTRAMI Announces Eight-city Predictive Cyber Defense Roadshow 2019
S
PECTRAMI has announced a seven-country and eight-city security roadshow, SPECTRAMI Predictive Cyber Defense Roadshow 2019, designed to educate organizations on the merits of predictive cyber security approach as against the prevention or detection-based approaches, which is a decent approach but, in many cases, leaves them vulnerable. The roadshow will also highlight the key solutions and services deliberated to support predictive cyber defense model. The company kick started its multi-city roadshow campaign from Dubai and conducted the first roadshow at Burj Al Arab, Dubai, UAE on 9th September 2019. After Dubai, the roadshow will travel to Muscat, Doha, Kuwait, Riyadh, Dammam, Cairo and Istanbul. The SPECTRAMI Predictive Cyber Defense Roadshow 2019 has been crafted to provide an interactive platform to disseminate information and network with security decision makers from most prominent organizations in the region. The roadshow is part of a larger initiative by SPECTRAMI that will enable organizations to combat threats proactively along with its key partners Anomali, Automation Anywhere, Attivo Networks, ExtraHop, Flashpoint, Tenable, HIVE PRO, Intel471, Micro Focus, Polarity and Feidelis. Anand Choudha, the CEO and President at SPECTRAMI commented: “We are extremely excited and proud of the roadshow that will cover major seven countries and eight major cities in the region. I am sure the roadshows will provide an excellent platform for all the industry experts and security specialists. We expect to host more than 300 customers and several of the IT decision makers during the course of these roadshows.” “With our key technology partners, we intend to address the challenges faced by end-users not just from product or solution perspective but from the framework and policy aspect too. Time has come for industry leaders to adopt the predictive security approach rather than the preventive security approach.” Echoing the similar sentiments, the CTO of SPECTRAMI, Sarfaraz Kazi said “Technology is evolving very fast, which is driving the need to relook at our strategies and develop a predictive risk management strategy that will enable organisations to proactively identify threats and allows them to stay ahead of potential threats.” The vulnerability analytics, security analytics and multi-vendor
12 | September 2019
Anand Choudha CEO & President Spectrami
threat intelligence are three major pillars of prediction-based approach, which SPECTRAMI will present to help decision-makers to stop the attacks before they hit their organizations.
Veeam to Drive Middle East Businesses to Adopt Cloud Data Management at GITEX 2019
V
eeam Software has announced its participation at the GITEX Technology Week, scheduled between 6 -10 October 2019 at the Dubai World Trade Centre. As part of the company’s ongoing commitment to help regional organizations transition to the cloud and embrace digital transformation, executives from Veeam will share its vision for Cloud Data Management. They will also deliver live demonstrations of Veeam Availability Platform—a complete solution to help customers evolve the way they manage data, from policy- to behavior-based, and make it smarter and self-governing, ensuring it’s available across any application and any cloud infrastructure. Talking about the company’s participation at GITEX, Claude Schuck, regional manager, Middle East at Veeam said: “Given our leadership position and market leading technologies, GITEX is an opportunity to turn the spotlight on the criticality of Cloud Data Management. CIOs and IT managers need to understand that ensuring instant and reliable data availability requires an evolution in how it is managed from policy-driven to behavior-driven, leveraging Artificial Intelligence and Machine Learning to enable data to back up autonomously, migrate to the right location based on the business need and to secure itself during anomalous activity.” According to the 2019 Veeam Cloud Data Management Report, 72% of organizations are looking to embrace Cloud Data Management and are transitioning to cloud strategies. As part of the same survey, 80% of respondents from the Middle East see productivity bene¬fits of Intelligent Data Management. Only 24% of enterprises in the Middle East describe their digital initiatives as mature. To help them on their journey, at GITEX, Veeam will educate regional organizations on this journey and outline the 5 Stages of Cloud Data Management: • Backup • Cloud Mobility • Visibility • Orchestration • Automation
Claude Schuck Regional Manager, ME Veeam
Comprehensive Video Surveillance for Industrial Applications
P
hoenix Contact offers its first comprehensive solution for wired or wireless IP video surveillance in industrial applications. This includes an extensive product portfolio of connection and automation technology for use between the camera and video server. Industrial Ethernet components, power supplies, surge protection, connectors, cables, lines, terminal blocks, and 19" components ensure secure connection between the camera and video server. The required components are available
individually, as modules or as ready-to-connect boxes. The products are suitable for industrial use and therefore enable high network availability even in critical applications. The IP video surveillance solution is suitable for small installations through to large systems with high security requirements. In addition to providing security for property in buildings and on company premises, the solution can also be used for technical system monitoring. Phoenix Contact also provides extensive advice for the configuration and planning of video networks. September 2019 | 13
News In Detail
Kaspersky Security for Microsoft Office 365 Now Protects OneDrive
K
aspersky Security for Microsoft Office 365 has expanded
storage and can immediately delete an infected file before it
protection capabilities from Exchange Online to include
spreads further.
Microsoft storage service OneDrive. The product prevents
Kaspersky Security for Microsoft Office 365 protects both
malware from infiltrating OneDrive and spreading across
email — a potential transfer point for malware to enter the
corporate networks. This is achieved through multiple layers of
corporate network — and storage, through which threats can
protection empowered with heuristic and behavioral analysis.
reach all users.
Businesses create dynamic, digital environments where
“Shared storage options, such as OneDrive, are popular
employees can collaborate, share and store corporate data. Being
and widely used business tools. But if employees can have
under constant pressure to work fast and effectively means
instant and easy access to shared files, then so can malware.
they may sometimes miss suspicious files or emails containing
Businesses need to understand this risk and ensure they are
malware, allowing it to get into shared cloud folders, such as
not compromising their productivity due to cyberthreats, by
OneDrive. In fact, two thirds (66%) of office workers can hardly
protecting their data and workflows. Our product provides such
remember what they put in shared folders. Without a dedicated
protection for Microsoft Office 365, allowing companies to use
layer of protection, cloud storage can become a transfer space
its collaborative features and focus on day-to-day operations,
for malware to be distributed across the whole organization,
rather than worrying about the security of their data,”
jeopardizing sensitive business data and overall workflow.
comments Sergey Martsynkyan, Head of B2B Product Marketing
Kaspersky Security for Microsoft Office 365, with added protection for Microsoft OneDrive, prevents such a scenario.
at Kaspersky. Kaspersky is continually developing its products to protect
Anti-malware protection for OneDrive includes signature-based
more cloud services within Microsoft Office 365. Security for
detection combined with heuristic, behavioral analysis, and the
SharePoint, a service for content management and team
latest threat intelligence enabling the prevention of known and
work, is the next feature to be added to Kaspersky Security for
zero-day threats. It detects suspicious content held within the
Microsoft Office 365.
14 | September 2019
Mimecast Makes Migrating from Symantec’s Email Security.cloud Fast and Easy More than 3800 Symantec Customers Have Made the Switch; New Offer Available Makes It Easier
M
imecast Limited (NASDAQ:
customers who have migrated to
automatically provide integrated,
MIME), a leading email and data
Mimecast have said “it is a tried and
context-aware security awareness
security company, today announced
trusted service which keeps improving
information to users.
limited edition packaging and migration
to protect against the latest threats.
• Mimecast Security Awareness Training
services for Symantec’s Email Security.
We have tested other products … and
designed to address the nagging
cloud, also known as MessageLabs,
Mimecast has always come up on top.”
problem of human error in security
customers. To date, more than 3800
“Mimecast has already easily
breaches by educating employees about
Symantec customers have successfully
transitioned more than 3800
security best practices using highly
migrated to Mimecast. Industry experts
organizations from the Symantec
engaging and effective video-based
have made key observations related to
on-premises and cloud-based email
training modules.
the pending Symantec (NASDAQ: SYMC)
security systems,” said Neil Senior, vice
• Automated threat remediation helping
acquisition by Broadcom (NASDAQ:
president of global customer success
to enable administrators to remove
AVGO), expressing concern over
at Mimecast. “We’re ready to talk to
unwanted or malicious emails no matter
“decaying software assets.” As part of
customers who are concerned about the
how old they are from Microsoft Office
the limited edition packaging services,
impact of their email security provider
365 and Exchange.
Mimecast is offering free email security
announcing $1B+ cuts in expenses
risk assessments, so organizations
including research and development,
can see first-hand limitations of their
sales and support. Our goal is to provide
Mimecast is running a limited time
incumbent email security system.
our Legendary Customer Success®
offer for current Symantec customers
Mimecast customers can also benefit
approach from initial migration to
interested in taking advantage of
from a broader portfolio that is
completed implementation.”
Mimecast's Email Security capabilities.
detection, email archiving, mailbox
With Mimecast, organizations can
• Organizations with 500 seats or above
continuity and web security all on a
take advantage of global data centers
can get 18 months of services for the
single cloud platform.
and get strong protection including:
price of 12 months
Until November 30, 2019,
engineered to include superior threat
• Static file analysis designed to offer
• Organizations with less than 500 seats
to evolve and target organizations, not
superior malware detection with
can get 15 months of services for the
to mention that phishing attacks and
Mimecast’s Targeted Threat Protection.
price of 12 months
ransomware are as dangerous and costly
• Mimecast Internal Email Protect
as ever. Outsmarting cybercriminals
engineered to detect and remediate
takes constant attention and innovation.
threats generated from inside the
employee base around the world,
Mimecast is committed to continuing
organization.
opening new offices and data centers
to innovate across all solutions on its
• Safe file conversion designed
to better serve customers. For current
platform so customers can have access
to neutralize potentially malicious
Symantec email security customers
to the best cyber threat protection and
attachments, making them read-only
interested in learning more about
compliance in the market.
with no delivery delay.
switching to Mimecast, understand the
• Mimecast URL Protect built to
many benefits and schedule a demo.
Email-borne threats are continuing
According to TechValidate,
Mimecast continues to grow its
September 2019 | 15
News In Detail
Vocera's New Vina Smartphone App Enhances the Mobile Communication Experience
V
ocera Communications has announced the release of Vocera Vina, the company’s new smartphone application. The customizable communication app presents prioritized patientcentric calls, secure messages, and alerts in a unified inbox, and provides an intuitive user experience for clinicians inside and outside the hospital. Powered by the Vocera Platform, Vina delivers relevant context about clinical events, patient status, and clinician availability, helping care teams improve safety, quality of care, and experience for patients and care teams. “In the busy and unpredictable environment of a hospital, physicians and nurses must connect quickly with each other and with patient information to deliver safe, compassionate and effective care,” said David Augsburger, director of clinical informatics at Major Health Partners. “Vocera Vina has the essential functionality needed to move all our clinicians to one platform for all clinical communication and collaboration, which will help them connect with the right people, make informed decisions, prioritise actions, and respond rapidly to emerging situations.” To help clinicians stay focused on what matters most, Vina presents incoming communication in order of importance, along with context that provides a meaningful picture of the patient situation. Drawing from a dynamic master directory and intelligent workflow engine of the Vocera Platform, the app delivers secure messaging, voice calling, and prioritised clinical alert and alarm notifications to the right clinician or care team. Contextual patient information like vital signs, fall risk scores, lab values, nurse-call information, and critical data like sepsis risk indicators can be automatically attached to a message or incoming call notification. The entire care team can see the full history of calls, messages, alerts, and alarms pertaining to a patient or event within a single conversational thread, and clinicians can easily see when others are busy or unavailable and should not be interrupted. They also can reach colleagues simply by saying a name, role or group. “Building better healthcare technology means understanding a day in the life of a clinician,” said Brent Lang, president and CEO of Vocera. “Vina is the only smartphone app that care teams need for simple and secure communication. In fast-paced, chaotic healthcare environments, the intuitive user experience helps make the lives of doctors and nurses much easier and mitigates cognitive load.
16 | September 2019
Epson announces its first 24-inch dye sublimation printer, SureColor SC-F500
E
pson has announced the new SC-F500, 24-inch, dye-sublimation printer, developed to help promotional houses, photo labs, clothing producers and copy shops increase customer choice through flexible, high-quality printing. Whether producing printed phone covers, mugs, mouse mats, t-shirts or cushions, the SCF500 offers fast turnaround times, reliability and a low total cost of ownership (TCO) to small businesses, and it requires no specialist knowledge to set up, operate or maintain. The SC-F500 forms part of Epson’s complete endto-end printing solution, which includes inks, software and paper, all designed to work in perfect harmony. To keep businesses agile and responsive to customer needs, the SC-F500 has been built with ease of use, productivity and efficiency in mind. This is achieved through features that complement Epson’s established dye-sublimation technology, including: • Refillable ink solution (140ml bottles can be used even when printing) • Wi-Fi connectivity (an Epson first in the dye sublimation range) • Media auto-switch (switch between cut sheets and roll media with ease) • Epson’s LFP Accounting Tool (to accurately calculate print costs) • Head guard (for dust prevention) • 4.3-inch touchscreen (for ease of use) Jeroen van Beem, director of sales, Epson MEA, says: “We’re excited to offer this dye-sublimation printer that’s set to open up new opportunities for many small businesses. This is our first 24-inch printer in our dye sublimation range. What’s most rewarding for us is to see just how many applications that are supported by the SC-F500 – the range of gifts and promotional items that can be produced is truly impressive. We’re also confident that the suite of new and enhanced features we’ve introduced, including the refillable ink solution, will help keep businesses running for longer, with little user intervention needed. That has to be a benefit to ambitious small business owners looking to steal a competitive advantage, without having to have specialist staff.”
News In Detail
UAE's Research Scientist Reveals the Mystery of Universe Evolution Process SaaS (software-as-a-service) is here to stay. This is evident from the widespread adoption of business applications hosted in the cloud such as CRM, payroll processing, collaboration and human resource management software over the last decade. And it is not just business applications these days. Increasingly, networking and security has also moved to the cloud. SaaS is a delivery model where the software is centrally hosted by a vendor and buyers consume the service from the cloud. Whether you are an organization using applications to run your business or a vendor providing critical software as a service to your customers, there is something for everyone in a SaaS model.
What’s in it for consumers of SaaS: • Reduced IT overhead – Organizations consuming services from the cloud do not need to install or maintain expensive hardware or infrastructure on-premises. If consuming security from the cloud, this is a big advantage because now security can be deployed even in locations where no IT expertise is available. • Immediate Access to Functionality – Customers get access to the SaaS service immediately upon signup without having to wait for shipment and installation of hardware or software. For example, organizations can immediately improve their security posture by signing up for a cloud based security offering. • Flexible licensing/payment options – SaaS model provides companies an alternative to the traditional capex model where they pay upfront for any hardware needed and a perpetual software license. By shifting to an opex model, they can take advantage of lower upfront costs and more predictable recurring costs thereafter. • Seamless upgrades – Customers don’t need to worry about updates for latest features or patching their software for vulnerabilities. The SaaS provider always has the latest secure code in the cloud. This enables customers to get immediate access to new innovations and features. • Scale as you grow – Organizations don’t have to plan for peak capacity like they do when purchasing infrastructure. They can scale by purchasing higher tiers of the service as they grow. • Extend reach – Since SaaS services are delivered from the cloud, it is possible to extend the usage of the services to beyond the traditional on-premises network. For example, security delivered from the cloud can easily be applied to devices on or off premises which greatly expands the use cases that can be addressed.
18 | September 2019
Krupa Srivatsan Director, Product Marketing Infoblox
What’s in it for vendors: • Latest code for all customers – Vendors can allocate resources to provide the latest and greatest to all their customers at the same time, without having to worry about a legacy of old software they may need to support. • Speed of innovation – The speed of innovation is also much greater as vendors can make available new features and functionality to their customers much faster than with a traditional 6-month release cycle for on-premises software. • Better Customer Insight– Companies with SaaS offerings are much closer to the customer than companies with only a traditional model because of more frequent involvement with users of their service. This means they can provide features that the customers actually need based on the feedback loop. Many businesses are in the process of making a shift to consuming services from the cloud because they see greater business value through SaaS.