CLOUD & CYBER SECURITY EXPO
|
EXCEL LONDON
|
algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics threat log files| machine learning malicious threat phishing 12 insider – 13 MARCH 2019 CLOUDSECURITYEXPO.COM attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber
CYBERSECURITY
30 YEARS ON YOUR SIDE
Visit us to see how ESET’s SMB and Enterprise cloud offerings can help your organisation make the most of 30 years of IT security experience. With a portfolio you would expect from a top five global vendor with 110m users across 200 countries. ESET has an enviable track record of industry analyst plaudits, including the bronze award in the Gartner Peer Insights Customer Choice for Endpoint Protection Platforms in 2017.
Find us on stand S4505 eset.com/uk/cloud 01202 405401
110m+
users worldwide
400k+
business customers
200+
countries & territories
13
global R&D centres
CYBERSECURITY DOESN’T NEED MORE TOOLS. IT NEEDS NEW RULES. The new rules are changing the way we see security. Visit ibm.com/xforcectoc to find out how.
contents
risk cyber security cyber skills data analytics insider phishing attack security automation security posture cyber risk cyber security cyber skills data analytics cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm phishing phishing attack security attack security automation automation security security posture posture intelligence cyber governance cyber risk cyber security risk cyber security cyber skills data analytics insider phishing attack security automation security posture shadow IT threat intelligence algorithm artificial insider insider threat threat insider log log files insider threat files machine insider machine log files threat learning log machine learning files log malicious files machine learning malicious machine learning malicious learning malicious malicious algorithm algorithm artificial artificial risk cyber security cyber skills data analytics insider posture shadow IT threat intelligence algorithm intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat logfiles files machine phishing attack security automation security posture cyber security cyber skills data analytics insider shadow IT threat intelligence algorithm artificial learning malicious threat phishing attack shadow shadow IT threat IT threat intelligence intelligence algorithm algorithm artificial artificial cyber risk cyber security cyber skills data analytics phishing attack security automation automation security security posture posture shadow IT threat intelligence cyber governance cyber risk cyber security cyber security cyber skills cyber data security analytics cyber insider skills data analytics insider algorithm artificial intelligence cyber governance algorithm artificial cyber algorithm artificial algorithm intelligence artificial cyber intelligence governance cyber governance learning malicious threat phishing attack security phishing attack security automation security posture security cyber skills data analytics insider threat log algorithm algorithm artificial artificial phishing attack security automation security posture cyber skills cyber data skills analytics data insider analytics threat insider log threat files machine log machine posture shadow IT threat posture intelligence shadow IT algorithm threat intelligence algorithm files files machine machine learning learning malicious malicious threat threat phishing phishing attack attack threat log files machine learning malicious threat threat log files machine learning malicious threat automation security automation posture security shadow posture IT threat shadow IT threat learning malicious threat phishing attack security cyber skills data analytics insider threat log files machine threat log files machine learning malicious threat intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber cyber phishing phishing attack attack security security automation automation security security posture posture intelligence intelligence cyber cyber governance governance cyber cyber risk cyber risk cyber security security algorithm artificial intelligence cyber governance intelligence algorithm artificial intelligence cyber artificial artificial intelligence intelligence cyber governance cyber governance cyber risk cyber risk algorithm artificial intelligence cyber governan shadow IT threat intelligence algorithm artificial algorithm artificial intelligence cyber governance cyber cyber cyber security security cyber cyber skills skills data data analytics analytics insider insider cyber skills data analytics insider threat log files machine posture shadow IT threat intelligence algorithm security automation security posture shadow IT threat risk cyber security cyber skills data analytics insider algorithm artificial algorithm intelligence artificial cyber intelligence governance cyber governance threat log files machine learning malicious threat shadow IT threat algorithm artificial insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk shadow shadow IT threat IT intelligence threat intelligence algorithm artificial cyber skills data analytics insider threat log files machine threat log files machine learning malicious threat shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security algorithm artificial intelligence cyber governance threat threat phishing phishing threat attack phishing attack security threat phishing security attack phishing automation attack security automation attack security automation security security security automation automation security security security intelligence intelligence cyber cyber threat log files machine learning malicious threat insider threat log files machine learning malicious cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security shadow IT threat intelligence algorithm artificial threat log files machine learning malicious threat intelligence cyber governance cyber risk cyber automation security posture shadow IT threat algorithm artificial intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber cyber security security algorithm artificial intelligence cyber governance insider threat log files machine learning malicious shadow IT threat intelligence algorithm intelligence artificial algorithm artificial intelligence cyber algorithm artificial cyber skills data analytics insider threat log files machine threat log files machine threat learning log malicious files machine threat learning malicious threat artificial intelligence cyber governance cyber risk risk cyber security cyber skills data analytics intelligence insider cyber cyber risk cyber cyber security risk cyber cyber security skills data cyber analytics skills data analytics automation security posture shadow IT threat shadow IT threat intelligence algorithm artificial files machine learning malicious threat phishing attack intelligence intelligence cyber cyber shadow IT threat intelligence algorithm artificial learning malicious learning malicious threat phishing threat attack phishing security attack security artificial intelligence artificial cyber governance intelligence cyber cyber risk governance cyber risk security security automation automation security security posture posture shadow shadow IT IT threat threat phishing attack security automation security posture phishing attack security automation security posture intelligence algorithm intelligence artificial algorithm intelligence artificial cyber intelligence cyber automation security posture shadow IT threat learning malicious threat phishing attack security algorithm artificial intelligence cyber governance phishing attack security automation security posture security cyber cyber skills skills data data analytics analytics insider insider threat threat log log shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm artificial artificial cyber cyber skills skills data analytics data analytics insider insider threat threat log files log machine files machine cyber risk cyber security cyber skills data analytics governance cyber risk cyber security cyber skills data cyber security cyber security cyber skills cyber data skills analytics data analytics insider insider intelligence cyber cyber security algorithm artificial intelligence cyber governance cyber risk cyber risk cyber security cyber skills data analytics insider threat threat log log files files machine machine learning learning malicious malicious threat threat learning malicious threat phishing attack security artificial intelligence cyber governance cyber risk intelligence algorithm artificial intelligence cyber threat log files machine learning malicious threat algorithm artificial intelligence cyber governance cyber risk cyber security risk cyber cyber skills security data analytics skills data analytics phishing attack security automation security posture intelligence cyber governance cyber risk cyber security threat phishing attack security automation security cyber security cyber skills data analytics insider intelligence intelligence cyber governance cyber governance cyber risk cyber cyber risk cyber learning malicious threat phishing attack security phishing attack security automation security posture cyber risk cyber security cyber skills data analytics insider threat log files machine algorithm artificial cyber risk cyber cyber skills data analytics posture posture shadow shadow posture IT posture threat IT shadow threat posture intelligence shadow IT intelligence threat shadow IT intelligence threat algorithm IT algorithm threat intelligence intelligence algorithm algorithm algorithm governance governance cyber cyber algorithm algorithm algorithm artificial artificial artificial phishing attack security automation security posture algorithm algorithm artificial artificial intelligence intelligence algorithm cyber cyber governance artificial governance intelligence cyber governance learning malicious threat phishing attack security automation security posture shadow IT threat intelligence cyber governance cyber risk cyber security phishing attack security automation security posture security cyber skills data analytics insider threat log algorithm artificial intelligence cyber governance cyber intelligence algorithm artificial intelligence cyber intelligence cyber cyber cyber skills skills data data analytics analytics insider insider threat threat log log files files machine machine cyber risk cyber security cyber skills data analytics threat phishing attack security automation security intelligence cyber governance governance cyber risk cyber cyber risk cyber security cyber skills intelligence cyber algorithm artificial intelligence cyber governance learning malicious threat phishing attack security phishing attack security phishing automation attack security security posture automation security posture threat log files machine learning malicious governance threat threat phishing attack security automation security insider threat log insider files threat machine log learning files machine malicious learning intelligence algorithm artificial intelligence cyber intelligence cyber governance cyber risk cyber security automation security posture shadow IT threat governance governance cyber cyber intelligence cyber governance cyber risk cyber security automation automation security posture security shadow posture IT shadow threat IT threat cyber security cyber cyber skills security data analytics cyber insider skills data analytics insider intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence cyber cyber cyber security cyber skills data analytics insider shadow IT threat intelligence algorithm artificial shadow IT threat intelligence algorithm artificial governance cyber governance risk cyber cyber security risk cyber skills security data cyber skills data malicious intelligence algorithm artificial intelligence cyber automation security posture shadow IT threat cyber risk security skills data analytics shadow IT intelligence algorithm artificial files files machine machine learning learning malicious malicious threat threat phishing phishing attack attack intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber cyber learning learning malicious malicious threat threat phishing phishing attack attack security security insider threat log files machine learning malicious analytics insider threat log files machine learning threat log threat log files machine learning malicious threat algorithm artificial governance cyber intelligence cyber security cyber skills data analytics insider threat log threat log files machine learning malicious threat phishing phishing attack attack security security automation automation security security posture posture automation security posture shadow IT threat cyber security cyber skills data analytics insider governance cyber risk cyber security cyber skills data algorithm artificial intelligence cyber governance phishing attack security automation security posture algorithm artificial insider threat log insider files machine threat log learning files machine malicious learning malicious shadow IT threat intelligence algorithm artificial cyber skills data analytics insider threat log files machine posture shadow IT threat intelligence algorithm threat log files machine learning malicious threat security security cyber skills cyber data skills analytics data analytics insider insider threat log threat log automation security posture shadow IT threat shadow IT threat intelligence algorithm artificial cyber skills data analytics insider threat log files machine algorithm algorithm artificial intelligence artificial intelligence cyber governance cyber governance learning malicious threat phishing attack algorithm algorithm artificial artificial intelligence cyber insider threat log files machine learning malicious artificial artificial intelligence artificial intelligence artificial intelligence cyber artificial cyber intelligence governance governance intelligence cyber governance cyber cyber cyber cyber governance risk risk governance cyber risk cyber cyber risk risk algorithm artificial intelligence cyber governance cyber risk risk cyber cyber security security cyber risk cyber security cyber skills data analytics intelligence intelligence intelligence cyber cyber cyber shadow IT threat intelligence algorithm artificial cyber cyber risk risk cyber cyber security security cyber cyber skills risk skills data cyber data analytics security analytics cyber skills data analytics automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber cyber skills data analytics insider threat log files machine shadow IT threat intelligence algorithm artificial files machine learning malicious threat phishing attack risk cyber security cyber skills data analytics insider governance cyber risk cyber security cyber skills data governance cyber learning learning malicious malicious threat threat phishing phishing attack attack security security insider threat log files machine learning malicious posture shadow IT threat intelligence algorithm analytics insider threat log files machine governance cyber algorithm artificial risk cyber security cyber skills data analytics insider automation security posture shadow IT threat shadow IT threat intelligence shadow algorithm IT threat artificial intelligence algorithm artificial phishing attack security automation security risk cyber posture security algorithm artificial algorithm intelligence artificial cyber intelligence governance cyber governance threat phishing threat attack phishing security attack automation security security automation security learning governance cyber risk cyber security cyber skills data security cyber skills data analytics insider threat log intelligence algorithm artificial intelligence cyber risk risk cyber cyber security security cyber skills data analytics insider threat log files machine intelligence intelligence algorithm algorithm artificial intelligence artificial intelligence cyber cyber threat log files machine threat learning log files malicious machine threat learning malicious threat governance governance cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data posture shadow IT threat intelligence algorithm intelligence cyber governance cyber risk cyber security intelligence cyber governance cyber risk cyber security analytics insider analytics threat log insider files machine threat log learning files machine learning governance cyber risk cyber security cyber skills data algorithm artificial intelligence algorithm artificial intelligence cyber insider threat log files machine learning malicious intelligence cyber governance cyber risk cyber security security automation automation security security posture posture shadow shadow IT IT threat threat security security cyber cyber skills skills data data analytics analytics insider insider threat threat log log automation automation security security posture posture shadow shadow IT threat IT threat threat phishing attack security automation security phishing phishing attack security attack security automation automation security security posture posture intelligence cyber risk cyber security governance cyber threat log files machine learning malicious threat files machine learning malicious threat phishing attack phishing attack security automation security posture shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm artificial artificial intelligence algorithm artificial intelligence cyber threat log files machine learning malicious threat analytics insider threat log files machine learning shadow IT threat intelligence algorithm artificial algorithm algorithm artificial algorithm algorithm artificial intelligence artificial artificial intelligence cyber intelligence intelligence governance cyber cyber governance cyber governance governance intelligence cyber threat phishing attack threat security phishing automation attack security security automation security intelligence cyber governance cyber risk cyber security learning malicious threat phishing attack security artificial intelligence cyber governance cyber risk phishing attack security automation security posture files machine files machine learning malicious threat phishing attack intelligence algorithm artificial intelligence cyber intelligence cyber governance cyber risk cyber security learning malicious threat phishing attack security cyber risk cyber cyber risk security cyber cyber security skills cyber data skills analytics data analytics automation security posture shadow IT threat intelligence intelligence cyber governance cyber algorithm algorithm artificial artificial threat phishing attack security automation security cyber risk cyber security cyber skills data analytics cyber security security cyber cyber security cyber skills cyber skills security cyber data security data analytics skills cyber analytics cyber data skills insider analytics skills insider data data analytics insider analytics insider insider insider cyber cyber skills skills data data governance governance governance cyber cyber cyber intelligence cyber governance cyber risk cyber security cybersecurityeurope insider insider threat threat log log files files machine machine insider learning learning threat malicious log malicious files machine learning malicious intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data learning malicious threat phishing attack security intelligence cyber governance cyber risk cyber security automation security posture shadow IT threat threat log files machine learning malicious threat analytics insider threat log files machine learning risk cyber security automation automation security security posture posture shadow shadow IT threat IT threat algorithm artificial intelligence cyber governance threat phishing attack security automation security artificial intelligence cyber governance cyber risk risk cyber security insider threat log files machine learning malicious intelligence cyber threat log files machine learning malicious threat intelligence algorithm artificial intelligence cyber intelligence cyber governance intelligence cyber cyber risk governance risk cyber shadow IT threat intelligence algorithm cyber artificial skills data algorithm artificial intelligence cyber governance cyber risk cyber cyber security risk cyber cyber security skills data cyber analytics skills data analytics posture shadow posture IT threat shadow intelligence IT threat algorithm intelligence algorithm analytics insider threat log files machine learning files machine learning malicious threat phishing attack governance cyber risk cyber security cyber skills data cyber cyber skills skills data data learning malicious threat phishing attack security governance governance cyber risk cyber cyber risk security cyber cyber skills cyber data skills data phishing attack security phishing automation attack security security automation posture security posture algorithm algorithm algorithm artificial artificial artificial intelligence intelligence intelligence cyber cyber cyber governance governance governance analytics analytics insider insider threat threat log log files files machine machine learning learning cyber skills data analytics insider threat log files machine cyber skills data analytics insider threat log files machine analytics insider threat log files machine learning intelligence cyber governance cyber risk cyber security cyber skills data phishing attack security automation security algorithm artificial intelligence cyber governance intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence cyber cyber files files machine machine learning learning malicious malicious threat threat phishing phishing attack attack intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence cyber cyber posture shadow IT threat intelligence algorithm shadow shadow IT threat IT intelligence threat intelligence algorithm algorithm artificial artificial governance cyber cyber skills data risk security algorithm artificial intelligence governance artificial intelligence cyber governance cyber risk security automation security posture shadow IT threat shadow IT threat intelligence algorithm artificial intelligence cyber cyber governance governance cyber cyber risk risk cyber cyber governance cyber risk cyber security cyber skills data phishing attack security automation security posture malicious threat phishing attack security automation intelligence governance cyber risk cyber security cyber risk cyber cyber cyber risk cyber security cyber risk risk cyber security cyber cyber security skills security cyber data cyber skills cyber analytics skills data skills data analytics data analytics analytics posture shadow IT posture threat shadow intelligence IT threat algorithm intelligence algorithm cyber skills data analytics insider threat log files machine automation posture shadow IT threat cyber security cyber skills data analytics insider shadow IT threat intelligence algorithm artificial security security automation automation security security posture posture shadow shadow IT threat IT threat governance risk cyber security cyber skills data phishing attack security automation security posture cyber skills data analytics insider threat log files machine automation security posture shadow IT threat insider threat insider log threat files machine log files learning machine malicious learning malicious intelligence algorithm artificial intelligence cyber governance governance cyber cyber risk cyber security intelligence intelligence cyber cyber posture shadow IT threat intelligence algorithm threat threat log log files threat files machine machine log threat files learning log machine learning files log malicious files machine learning malicious machine learning threat malicious threat learning malicious threat malicious threat threat threat log files machine learning malicious threat analytics analytics insider insider risk risk risk cyber cyber cyber security security security cyber skills data analytics insider threat log files machine algorithm artificial intelligence cyber governance threat threat phishing phishing attack attack security security threat automation automation phishing attack security security security automation security governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning automation security posture shadow IT threat security cyber skills data analytics insider threat log intelligence algorithm artificial intelligence cyber posture cyber skills data intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence cyber cyber cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm cyber security cyber skills data analytics insider algorithm artificial insider threat log files machine learning cyber skills data governance cyber phishing attack security automation security posture governance cyber risk security cyber skills data security cyber skills data security analytics cyber insider skills threat data log analytics insider threat log intelligence cyber governance cyber risk analytics cyber security insider insider threat insider log files threat machine log files learning machine malicious learning malicious artificial intelligence artificial cyber intelligence governance cyber cyber governance risk cybermalicious risk security automation security posture shadow IT threat analytics insider threat log files machine learning analytics analytics insider insider automation security posture shadow IT threat analytics insider analytics threat insider log files machine log files learning machine learning shadow IT threat intelligence shadow IT algorithm threat intelligence artificial algorithm artificial cyber cyber cyber risk risk cyber risk cyber cyber security security security cyber cyber cyber skills skills skills data data data analytics analytics analytics malicious malicious threat threat phishing phishing attack attack security security automation automation threat phishing attack security automation security learning malicious threat phishing attack security cyber risk cyber security cyber skills data analytics learning malicious threat phishing attack security governance cyber analytics insider threat log files machine learning posture shadow IT threat intelligence algorithm governance governance cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data security security automation automation security security posture posture shadow shadow IT IT threat threat governance governance cyber cyber risk cyber risk cyber security security cyber skills skills data data artificial intelligence cyber governance cyber risk intelligence intelligence cyber governance cyber governance cyber risk cyber cyber risk cyber risk cyber security analytics insider cyber skills data cyber risk cyber security cyber skills data analytics algorithm artificial intelligence algorithm governance artificial cyber intelligence algorithm artificial intelligence cyber intelligence cyber governance cyber risk cyber security analytics insider threat log files machine learning shadow IT threat intelligence algorithm artificial cyber risk cyber security cyber skills data analytics security posture shadow IT threat intelligence cyber skills data analytics insider threat log files machine insider threat insider insider log threat insider files threat log machine threat files log machine log files learning files machine machine learning malicious learning learning malicious malicious malicious risk cyber security artificial intelligence artificial cyber intelligence governance cyber cyber governance risk cyber risk learning malicious threat phishing attack intelligence algorithm artificial intelligence cyber threat log files machine learning malicious threat intelligence cyber governance cyber risk cyber intelligence intelligence algorithm algorithm artificial intelligence cyber analytics insider threat log files machine learning cyber security cyber skills data analytics insider learning malicious threat phishing attack security intelligence algorithm artificial intelligence cyber threat phishing threat attack phishing security attack automation security automation security security governance cyber risk security cyber skills data risk risk cyber cyber security security cyber skills data governance governance cyber cyber artificial intelligence cyber governance cyber risk phishing phishing attack phishing attack security phishing security attack phishing automation attack security automation attack security automation security security security automation posture automation security posture security posture security posture posture phishing attack security automation security posture threat threat log log files files cyber cyber cyber skills skills skills data data data learning malicious threat phishing attack posture posture shadow shadow IT IT threat threat intelligence posture intelligence shadow algorithm algorithm IT threat algorithm analytics insider threat log files machine learning intelligence algorithm artificial intelligence cyber files machine learning malicious threat phishing attack governance cyber risk cyber security cyber skills data shadow IT threat intelligence algorithm artificial shadow IT threat intelligence algorithm artificial analytics insider governance governance cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk threat log files machine learning malicious threat intelligence cyber analytics insider risk cyber security cyber risk cyber security cyber skills data analytics shadow IT threat intelligence algorithm artificial analytics insider threat log files machine learning files machine learning malicious files machine threat learning phishing malicious attack threat phishing attack cyber skills data analytics insider threat threat log files log machine files threat phishing threat attack phishing security attack automation security security automation security security cyber cyber security skills data cyber analytics skills data insider analytics insider intelligence algorithm artificial intelligence cyber malicious threat phishing attack security automation threat threat log log files files intelligence algorithm artificial intelligence cyber intelligence cyber governance intelligence cyber cyber risk governance cyber cyber risk cyber threat phishing attack security automation security insider insider insider threat threat threat log log files log files files machine machine machine learning learning learning malicious malicious malicious security security posture posture shadow shadow IT IT threat threat intelligence intelligence automation security posture shadow IT threat automation security posture shadow IT threat risk cyber security artificial intelligence cyber governance cyber risk analytics analytics insider insider threat threat log log files files machine machine learning learning intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence cyber analytics analytics insider insider threat threat log files log machine files machine learning learning cyber security cyber skills data analytics insider security security cyber skills cyber data skills analytics data analytics insider insider threat log threat log cyber skills data threat log files analytics insider posture shadow IT threat intelligence algorithm insider threat log files machine learning malicious insider threat log files machine learning malicious risk cyber security cyber skills data intelligence analytics insider cyber governance cyber risk cyber security cyber skills data skills data analytics insider threat log files machine intelligence cyber governance cyber risk cyber algorithm artificial intelligence cyber governance learning malicious threat phishing attack security threat phishing threat threat phishing attack threat phishing security phishing attack attack security automation attack security security automation security automation automation security security security cyber skills data algorithm artificial intelligence cyber governance cyber security cyber cyber skills security data cyber analytics skills insider data analytics insider automation posture shadow IT threat governance cyber risk cyber security cyber skills data phishing attack security automation security posture security cyber skills data analytics insider threat log governance governance cyber risk cyber cyber risk security cyber security cyber skills cyber data skills data automation security posture shadow IT threat governance cyber risk cyber security cyber skills data posture shadow posture IT shadow threat intelligence IT threat intelligence algorithm algorithm analytics insider threat log files machine learning cyber cyber skills skills data data analytics insider insider threat log files machine learning malicious risk risk cyber cyber security security cyber security cyber skills data analytics insider shadow shadow IT threat IT shadow threat intelligence shadow IT intelligence threat shadow IT intelligence threat algorithm IT algorithm threat intelligence artificial intelligence algorithm artificial algorithm artificial algorithm artificial artificial shadow IT threat intelligence algorithm artificial machine machine learning learning analytics analytics analytics insider insider insider automation security posture shadow IT threat artificial artificial intelligence intelligence cyber cyber governance artificial governance intelligence cyber cyber risk cyber risk governance cyber risk governance cyber risk cyber security cyber skills data security automation security posture shadow IT threat analytics insider threat log files machine learning threat log files machine learning malicious threat intelligence cyber governance cyber risk security threat log files analytics analytics insider insider threat threat log log files files machine learning threat phishing attack security automation security cyber security cyber skills data analytics insider phishing attack security automation security posture governance cyber threat log files cyber skills data intelligence cyber governance cyber risk cyber security security automation security security posture automation shadow security IT threat posture shadow IT threat learning malicious threat phishing attack machine security learning posture shadow posture IT threat shadow intelligence IT threat algorithm intelligence algorithm threat log files threat machine log learning files machine malicious learning threat malicious threat governance cyber risk cyber security cyber skills data intelligence cyber governance cyber risk cyber security security posture shadow IT threat intelligence machine machine learning learning governance cyber risk cyber security cyber skills data security cyber skills security data analytics cyber insider skills data threat analytics log insider threat log threat threat threat phishing phishing phishing attack attack attack security security security automation automation automation security security security algorithm artificial intelligence cyber governance algorithm algorithm artificial artificial intelligence intelligence cyber cyber governance governance insider threat log files machine learning malicious intelligence algorithm artificial intelligence cyber intelligence algorithm artificial intelligence cyber cyber skills data cyber security cyber skills data analytics insider malicious malicious threat threat phishing phishing attack attack security security automation automation governance governance cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data posture shadow IT threat intelligence threat log files machine learning malicious threat files machine files machine learning learning malicious malicious threat phishing threat phishing attack attack analytics insider machine learning files threat phishing attack security automation security threat log files machine learning malicious governance threat cyber analytics insider threat log files machine learning learning malicious threat phishing attack security security cyber skills data analytics insider threat log cyber risk cyber security cyber skills data analytics automation security posture shadow IT threat posture posture shadow posture shadow IT posture threat shadow IT shadow intelligence threat IT threat IT intelligence threat algorithm intelligence intelligence algorithm algorithm algorithm analytics insider threat log files machine threat log learning files machine malicious learning threat malicious threat algorithm intelligence algorithm artificial intelligence cyber analytics insider shadow IT threat intelligence algorithm artificial files machine learning malicious threat phishing attack analytics analytics insider insider threat log threat files log machine files machine learning learning artificial intelligence cyber governance cyber risk intelligence algorithm artificial intelligence cyber threat phishing attack security automation security analytics insider threat log files machine learning artificial intelligence artificial cyber governance cyber governance cyber risk cyber risk analytics analytics insider insider threat log files cyber cyber skills skills data data threat log files machine learning malicious threat intelligence intelligence intelligence cyber cyber governance governance intelligence cyber governance cyber cyber cyber risk risk governance cyber cyber cyber risk cyber cyber cyber risk cyber intelligence cyber governance cyber risk cyber security malicious malicious threat threat threat threat threat log log log files files files intelligence algorithm artificial intelligence cyber cyber risk cyber security cyber skills data analytics cyber cyber security security cyber cyber skills skills data cyber data analytics security analytics insider cyber insider skills data analytics insider analytics insider threat log files machine learning intelligence algorithm artificial intelligence cyber malicious threat phishing attack security automation cyber skills data analytics insider threat log files machine machine learning posture shadow IT threat intelligence algorithm threat log files machine learning malicious threat threat phishing attack security automation security shadow IT threat intelligence algorithm artificial risk cyber security machine learning analytics insider cyber skills data analytics insider threat log files machine intelligence algorithm artificial intelligence intelligence algorithm cyber artificial intelligence cyber automation security posture shadow IT malicious threat threat artificial intelligence artificial cyber intelligence governance cyber cyber governance risk cyber risk phishing attack phishing security attack automation security security automation posture security posture analytics insider threat log files machine learning cyber skills data analytics insider threat log files machine learning algorithm artificial intelligence cyber governance phishing attack security automation security posture malicious malicious threat threat analytics insider threat log files machine learning files machine learning files malicious machine threat learning phishing malicious attack threat phishing attack posture posture posture shadow shadow shadow IT threat IT IT threat threat intelligence intelligence intelligence algorithm algorithm algorithm cyber risk cyber security cyber skills data analytics cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data analytics analytics governance cyber risk cyber security cyber skills data governance cyber risk cyber security cyber skills data analytics insider log files machine learning malicious threat security security posture posture shadow shadow IT IT threat threat intelligence intelligence analytics analytics insider insider threat threat log log files files machine machine learning learning phishing attack security automation security posture security security automation automation security security posture posture shadow shadow IT threat IT threat threat log files malicious threat machine learning threat phishing attack security automation security posture shadow IT threat intelligence algorithm phishing attack security automation risk security cyber security posture malicious threat phishing attack security automation automation security posture shadow IT threat files machine learning malicious threat phishing attack insider threat log files machine learning malicious intelligence algorithm artificial intelligence cyber artificial artificial intelligence artificial artificial intelligence cyber intelligence intelligence governance cyber cyber governance cyber cyber governance governance risk cyber cyber risk cyber risk risk threat log files phishing attack security phishing automation attack security security automation posture security posturecyber risk governance cyber risk cyber security cyber skills data artificial intelligence cyber governance intelligence cyber governance risk cyber security automation security posture shadow IT threat malicious malicious phishing threat phishing attack security attack security automation automation governance cyber risk cyber security cyber skills data cyber security cyber cyber security skills cyber data skills analytics data analytics insider insider threat threat log log files files machine learning analytics analytics insider insider phishing attack security automation security posture security security cyber security cyber skills skills cyber data security data analytics skills analytics cyber data insider analytics skills insider threat data threat insider analytics log log threat insider log threat log cyber skills data analytics insider threat log files machine phishing phishing attack attack machine machine machine learning learning learning governance cyber risk cyber security cyber skills data threat threat log log files files machine machine learning learning threat malicious log malicious files machine threat threat learning malicious threat governance cyber risk cyber security cyber skills data cyber security cyber skills data analytics insider security posture shadow IT threat intelligence posture shadow IT threat intelligence algorithm learning malicious threat phishing attack security malicious threat artificial intelligence cyber governance cyber risk phishing attack security automation security posture intelligence cyber governance cyber risk cyber cyber skills data malicious threat threat log files learning malicious threat phishing attack security insider threat log files machine learning malicious governance cyber risk cyber governance security cyber cyber risk skills cyber data security cyber skills data intelligence algorithm artificial intelligence phishing cyber attack cyber security cyber cyber security skills data cyber analytics skills data insider analytics insider shadow IT threat shadow intelligence IT threat algorithm intelligence artificial algorithm artificial algorithm artificial intelligence cyber governance malicious phishing attack security automation cyber risk cyber security cyber skills data analytics phishing phishing attack attack algorithm artificial intelligence cyber governance posture shadow IT threat intelligence algorithm security automation security security automation posture shadow security IT threat posture shadow IT threat artificial artificial artificial intelligence intelligence intelligence cyber cyber cyber governance governance governance cyber cyber cyber risk risk risk insider threat log files machine learning malicious insider insider threat threat log log files files machine machine learning learning malicious malicious analytics insider threat log files machine learning analytics insider threat log files machine learning threat log files phishing attack security automation security posture shadow IT threat intelligence algorithm artificial algorithm algorithm artificial artificial intelligence intelligence cyber cyber governance governance malicious malicious threat phishing phishing attack attack security security automation automation shadow IT intelligence algorithm artificial intelligence intelligence algorithm artificial intelligence cyber machine learning phishing attack malicious threat algorithm artificial intelligence cyber governance artificial intelligence cyber governance cyber risk shadow IT threat intelligence algorithm cyber artificial skills data security posture shadow IT threat intelligence intelligence algorithm artificial intelligence cyber security automation security posture shadow IT threat threat phishing attack security automation security governance cyber risk cyber security cyber skills data cyber security cyber cyber security cyber cyber security skills security cyber data cyber skills cyber analytics skills data skills data analytics insider data analytics analytics insider insider insider machine learning shadow IT threat shadow intelligence IT threat algorithm intelligence artificial algorithm artificial analytics insider threat log files machine learning security cyber skills data analytics insider threat log intelligence algorithm artificial intelligence cyber security security posture posture shadow shadow IT threat IT intelligence threat intelligence posture shadow IT threat intelligence algorithm analytics insider threat log files machine learning threat log threat files machine log files learning machine malicious learning malicious threat machine machine learning learning malicious threat threat threat log log files files shadow IT threat intelligence algorithm artificial files files machine machine files learning machine learning malicious files learning malicious machine threat malicious threat learning phishing phishing threat malicious attack phishing attack threat attack phishing attack learning malicious threat phishing attack security security security malicious malicious malicious threat threat threat analytics insider threat log files machine learning cyber security cyber skills data analytics insider phishing phishing attack attack security security automation automation phishing attack security security security posture posture automation security posture analytics insider threat log files machine learning algorithm artificial intelligence cyber governance automation security posture shadow IT threat phishing attack cyber security cyber skills data analytics insider shadow IT threat intelligence algorithm artificial security cyber skills data analytics insider log analytics insider phishing attack machine learning automation security posture shadow IT threat analytics insider threat log analytics files machine insider threat learning log files machine learning governance cyber risk cyber security cyber security skills data threat log files threat machine log files learning machine malicious learning threat malicious threat intelligence cyber intelligence governance cyber cyber governance risk cyber cyber risk cyber threat log files machine learning malicious threat security posture shadow IT threat intelligence insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk security security intelligence algorithm intelligence artificial intelligence algorithm artificial cyber intelligence cyber cyber cyber cyber security security security cyber cyber cyber skills skills skills data data data analytics analytics analytics insider insider insider threat phishing attack security automation security threat threat phishing phishing attack attack security security automation automation security security algorithm artificial intelligence cyber governance threat phishing attack security automation security cyber risk cyber security cyber skills data analytics machine learning shadow IT threat intelligence algorithm artificial cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data analytics analytics security security posture posture shadow shadow IT IT threat threat intelligence intelligence cyber risk cyber security cyber skills data analytics artificial intelligence cyber governance cyber risk intelligence cyber governance cyber risk cyber governance governance cyber risk cyber cyber risk security cyber security cyber skills cyber data skills data malicious threat security phishing attack cyber security cyber skills data analytics insider intelligence cyber governance cyber analytics risk cyber insider security algorithm artificial intelligence cyber governance governance cyber risk cyber security cyber skills data intelligence algorithm artificial intelligence cyber posture shadow IT threat intelligence algorithm analytics insider threat log files machine learning intelligence cyber governance cyber risk cyber security algorithm artificial intelligence cyber governance threat log threat files threat log machine threat files log machine log files learning files machine machine learning malicious learning learning malicious threat malicious malicious threat threat threat malicious threat intelligence cyber intelligence governance cyber cyber governance risk cyber cyber risk cyber files machine learning malicious threat phishing attack governance cyber risk cyber security cyber skills data algorithm algorithm artificial artificial intelligence intelligence cyber governance cyber governance cyber risk cyber security cyber skills data analytics phishing attack phishing security attack automation security automation security posture security posture malicious malicious threat threat phishing attack machine machine learning learning intelligence cyber governance cyber risk cyber security security automation security automation automation security security security posture automation security posture shadow shadow posture security IT threat IT shadow threat posture IT threat shadow IT threat automation security posture shadow IT threat automation automation phishing phishing phishing attack attack attack shadow shadow IT IT threat threat intelligence intelligence shadow algorithm algorithm IT threat artificial artificial intelligence algorithm artificial malicious threat phishing attack security automation cyber risk cyber security cyber skills data analytics artificial intelligence cyber governance cyber risk intelligence algorithm artificial intelligence cyber algorithm artificial intelligence cyber governance security threat log files machine learning malicious threat intelligence cyber governance cyber risk cyber files machine learning malicious threat phishing attack threat log files security algorithm algorithm artificial artificial intelligence intelligence cyber governance cyber governance malicious threat intelligence algorithm artificial intelligence cyber threat log files machine learning malicious malicious threat phishing malicious attack security threat phishing automation attack security automation analytics insider threat log files machine automation learning phishing attack phishing security attack automation security security automation posture posture security cyber security skills data cyber analytics skills data insider analytics threat insider threatthreat log algorithm artificial intelligence cyber governance threat phishing attack automation security algorithm artificial intelligence cyber governance automation automation governance cyber risk governance cyber security cyber cyber risk cyber skills security data cyber skills data log threat threat threat log log files log files files machine machine machine learning learning learning malicious malicious malicious threat threat threat posture shadow IT threat intelligence algorithm posture posture shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm malicious threat phishing attack security automation security posture intelligence cyber governance cyber risk cyber cyber security cyber skills data analytics insider insider insider threat threat log log files files machine machine learning learning malicious malicious algorithm algorithm artificial artificial intelligence intelligence cyber cyber governance governance security cyber skills data analytics insider threat log analytics analytics insider insider threat log threat files log machine files machine learning learning phishing attack automation security cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm threat log files machine learning malicious threat cyber skills data analytics insider threat threat log log files files machine cyber risk cyber security skills data analytics analytics insider threat log files machine learning insider threat log files machine learning malicious governance cyber risk cyber security cyber skills data artificial intelligence cyber governance cyber risk cyber skills data analytics insider threat log files machine learning phishing phishing attack phishing security phishing attack attack security automation attack security security automation security automation automation security posture security security posture posture posture phishing attack insider threat log files machine learning cyber security cyber skills data analytics insider security cyber skills security data cyber analytics skills insider data analytics threat log insider threat log malicious security automation security posture shadow IT threat analytics insider threat log files machine learning cyber risk cyber risk security cyber security cyber skills cyber data skills analytics data analytics shadow IT shadow threat intelligence IT threat intelligence algorithm algorithm artificial artificial phishing phishing attack attack security malicious malicious threat threat intelligence intelligence intelligence algorithm algorithm artificial algorithm artificial intelligence artificial intelligence algorithm intelligence cyber artificial cyber intelligence cyber cyber cyber risk cyber security skills data analytics intelligence algorithm artificial intelligence cyber security security security intelligence intelligence cyber cyber governance governance intelligence cyber cyber risk cyber risk cyber cyber governance cyber risk cyber algorithm artificial intelligence cyber governance security posture shadow IT threat intelligence insider threat log files machine learning malicious insider threat log files machine learning malicious governance cyber risk cyber security cyber skills data automation phishing attack security automation security posture security cyber skills data analytics insider log security automation security posture shadow IT threat machine learning automation phishing attack governance cyber risk cyber security cyber skills data security posture shadow security IT threat posture intelligence shadow IT threat intelligence shadow IT threat shadow intelligence IT threat algorithm intelligence artificial algorithm artificial files machine learning files machine malicious learning threat malicious phishing threat attack phishing attack cyber security cyber skills data analytics insider cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm cyber risk security cyber skills data analytics analytics insider threat analytics log insider threat log files machine learning phishing phishing phishing attack attack attack security security security automation automation automation security security security posture posture posture artificial intelligence cyber governance cyber risk artificial artificial intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber risk cyber cyber risk security cyber security cyber skills cyber data skills analytics data analytics phishing attack security automation security posture phishing attack security cyber skills data analytics insider threat log cyber risk cyber security cyber skills data analytics threat threat phishing phishing attack attack security security automation automation security security cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data analytics analytics files machine learning malicious threat phishing attack malicious malicious threat phishing threat phishing attack security attack security automation automation security automation algorithm artificial intelligence cyber governance phishing attack security automation security posture learning malicious threat phishing attack machine security learning insider threat log files machine learning malicious shadow IT threat intelligence algorithm artificial analytics insider threat log files machine learning threat log files machine learning malicious threat shadow shadow IT threat shadow IT shadow intelligence IT threat IT intelligence threat algorithm intelligence intelligence algorithm artificial algorithm algorithm artificial artificial artificial security files machine learning files machine malicious learning threat phishing malicious attack threat phishing attack intelligence algorithm artificial cyber malicious threat phishing attack security automation insider insider threat log threat files log machine files machine learning learning malicious malicious insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk intelligence intelligence cyber governance cyber governance cyber risk cyber risk cyber threat phishing attack security automation security security security automation phishing phishing attack attack governance governance governance cyber cyber risk risk governance cyber cyber cyber security risk security cyber cyber cyber security cyber risk skills cyber skills cyber data security data skills cyber data skillsposture data governance cyber risk cyber security cyber skills data threat log files machine learning malicious threat automation automation automation security security cyber cyber skills skills data data analytics security analytics insider cyber insider skills threat threat data log log analytics insider threat log algorithm artificial intelligence cyber governance threat phishing attack security automation security analytics insider threat log files machine learning shadow IT threat intelligence algorithm artificial files machine learning malicious threat phishing attack intelligence algorithm artificial intelligence cyber malicious threat insider threat log files machine learning malicious security analytics insider threat log files machine learning algorithm artificial intelligence algorithm cyber artificial governance intelligence cyber governance intelligence cyber intelligence governance cyber cyber governance risk cyber cyber risk cyber security automation security security automation posture security shadow IT threat shadow IT threat cyber risk cyber security cyber skills data analytics threat phishing attack security automation security insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk algorithm artificial intelligence cyber governance malicious threat phishing malicious attack threat security phishing automation attack security automation shadow shadow shadow IT threat IT IT threat threat intelligence intelligence intelligence algorithm algorithm algorithm artificial artificial artificial cyber security cyber skills data analytics insider security files machine learning malicious threat phishing attack threat log files machine learning malicious threat posture posture shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm insider threat log files machine learning malicious insider insider threat threat log log files files machine machine learning learning malicious malicious security automation security posture shadow IT threat security security posture posture shadow shadow IT threat IT intelligence threat intelligence algorithm artificial intelligence cyber governance automation insider insider threat log threat files log machine files machine learning learning malicious malicious shadow IT threat intelligence algorithm artificial shadow IT threat intelligence algorithm artificial automation security posture shadow malicious IT threat threat threat phishing attack security automation security malicious threat phishing attack security automation insider threat log files machine learning malicious intelligence intelligence cyber intelligence intelligence governance cyber cyber governance cyber cyber governance governance risk cyber cyber cyber risk cyber cyber risk risk cyber cyber automation security automation security security posture security shadow IT posture threat shadow IT threat governance cyber risk cyber security cyber skills data security posture shadow IT threat intelligence threat phishing threat phishing attack security attack security automation automation security security cyber risk cyber security cyber skills data analytics security cyber security skills cyber data skills analytics data analytics insider threat insider log threat log automation automation intelligence cyber governance cyber risk cyber security security security analytics analytics insider analytics insider threat threat insider analytics log log files threat files machine insider machine log files threat learning machine learning log files learning machine learning phishing attack security automation security posture analytics insider threat log files machine learning files files machine machine learning learning malicious malicious files machine threat threat phishing learning phishing attack malicious attack threat phishing attack cyber risk cyber security cyber skills data analytics threat phishing attack security automation security posture shadow IT threat intelligence algorithm cyber security cyber skills data analytics insider posture shadow IT threat intelligence algorithm intelligence cyber governance security automation security posture shadow IT threat governance cyber risk cyber security cyber skills data phishing attack phishing attack security automation security posture automation cyber risk cyber security cyber cyber risk skills cyber data security analytics cyber skills data analytics security skills data analytics insider threat log intelligence algorithm intelligence artificial algorithm intelligence artificial cyber intelligence cyber threat phishing attack security automation security cyber risk cyber security cyber skills data analytics security posture shadow security IT threat posture intelligence shadow IT threat intelligence intelligence intelligence intelligence cyber cyber cyber governance governance governance cyber cyber cyber risk risk cyber risk cyber cyber algorithm artificial intelligence cyber governance threat log files machine learning malicious threat threat phishing attack security automation security insider threat log files machine learning malicious automation posture shadow IT threat intelligence algorithm security automation security posture shadow IT threat artificial artificial intelligence intelligence cyber cyber governance governance cyber cyber risk risk threat threat phishing phishing attack attack security security automation automation security security intelligence algorithm artificial intelligence cyber algorithm algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics algorithm artificial intelligence cyber governance intelligence cyber governance cyber risk cyber intelligence algorithm artificial intelligence phishing cyber attack posture shadow IT threat intelligence algorithm security posture shadow IT threat intelligence phishing attack security automation security posture threat phishing attack security automation security security security security skills security cyber data cyber skills cyber analytics skills data skills data analytics insider data analytics analytics threat insider insider log threat insider threat log threat log log intelligence algorithm intelligence artificial algorithm intelligence artificial cyber intelligence cyber risk cyber security analytics insider threat files machine learning algorithm artificial intelligence cyber governance posture posture shadow shadow ITlog threat IT intelligence threat intelligence algorithm algorithm threat phishing threat phishing attack security attack security automation automation security security intelligence cyber governance cyber files machine files learning machine malicious learning malicious threat phishing threat attack phishing attack cyber skills data analytics insider threat log files machine learning automation automation malicious malicious threat malicious phishing phishing threat malicious attack phishing attack security threat security attack phishing automation security automation attack automation security automation threat phishing attack security automation security security security automation automation security security security posture posture automation shadow shadow IT security IT threat threat posture shadow IT security threat insider threat log files machine learning malicious insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk security cyber skills data analytics insider threat log intelligence algorithm artificial intelligence cyber analytics insider threat log files machine learning security shadow IT threat intelligence algorithm artificial algorithm artificial intelligence cyber governance insider threat log files machine insider threat learning log malicious files machine learning malicious files machine learning malicious threat phishing attack governance cyber governance risk cyber cyber security risk cyber cyber skillsthreat data cyber skills data posture shadow IT threat intelligence algorithm threat log files machine learning malicious posture shadow IT threat intelligence algorithm insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk algorithm artificial intelligence algorithm artificial cyber governance intelligence cyber governance security security security cyber cyber cyber skills skills skills data data data analytics analytics analytics insider insider insider threat threat threat log log log phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence algorithm artificial intelligence cyber posture posture shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm governance cyber risk cyber security cyber skills data cyber risk cyber cyber risk security cyber security cyber skills cyber data skills analytics data analytics insider threat log files machine learning malicious cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm cyber risk cyber security cyber skills data analytics security cyber skills data analytics insider threat log governance cyber risk security security cyber skills data artificial intelligence cyber governance cyber risk threat phishing attack security automation security artificial intelligence cyber governance cyber risk algorithm artificial intelligence cyber governance files machine files machine files learning files machine machine learning malicious learning learning malicious threat malicious phishing malicious threat threat phishing attack threat phishing phishing attack attack attack governance cyber governance risk cyber cyber security risk cyber cyber skills security data cyber skills datamachine learning malicious threat phishing attack security automation cyber risk cyber security cyber skills data analytics artificial artificial intelligence intelligence cyber governance cyber governance cyber risk cyber risk cyber skills data analytics insider threat log files security automation security automation security posture security shadow posture IT shadow threat IT threat artificial security posture security posture shadow shadow posture security IT threat IT shadow threat posture intelligence IT intelligence threat shadow intelligence IT threat intelligence algorithm artificial intelligence cyber governance posture shadow IT threat intelligence algorithm intelligence intelligence algorithm algorithm artificial artificial intelligence intelligence intelligence algorithm cyber cyber artificial intelligence cyber threat phishing attack security automation security posture posture shadow shadow IT threat IT intelligence threat intelligence algorithm algorithm algorithm artificial intelligence cyber governance files machine learning malicious threat phishing attack governance cyber risk cyber security cyber skills data malicious threat phishing attack security automation automation posture shadow IT threat intelligence algorithm threat phishing attack security threat phishing automation attack security security automation security security automation security posture shadow IT threat analytics insider analytics threat log insider files threat machine log learning files machine learning threat phishing attack security automation security artificial intelligence cyber governance cyber risk threat phishing attack security automation security cyber risk cyber security cyber cyber risk cyber skills security data analytics cyber skills data analytics intelligence cyber governance cyber risk cyber security files files files machine machine machine learning learning learning malicious malicious malicious threat threat threat phishing phishing phishing attack attack attack cyber risk cyber security cyber skills data analytics shadow IT threat intelligence algorithm artificial artificial intelligence cyber governance cyber risk governance cyber risk cyber security cyber skills data phishing attack security automation security posture artificial artificial intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber security cyber skills data analytics insider analytics insider threat log files machine learning insider insider threat log threat files log machine files machine learning learning malicious malicious threat phishing attack security automation security insider threat log files machine learning malicious intelligence governance cyber risk cyber security files machine learning malicious threat phishing attack analytics insider threat log files machine automation learning cyber risk cyber cyber skills data analytics security security automation security security automation security automation automation security posture security security posture shadow posture shadow IT posture threat shadow IT shadow threat IT threat ITinsider threat analytics insider analytics threat log insider files machine threat log learning files machine learning security posture shadow IT threat intelligence insider threat log files machine learning malicious insider threat log files machine learning malicious algorithm algorithm artificial artificial intelligence intelligence cyber cyber governance governance artificial intelligence cyber governance cyber risk posture shadow IT threat intelligence algorithm intelligence intelligence algorithm algorithm artificial intelligence artificial intelligence cyber cyber cyber security cyber skills data analytics algorithm algorithm artificial algorithm artificial intelligence artificial intelligence algorithm intelligence cyber artificial cyber governance governance intelligence cyber governance cyber governance cyber risk cyber security cyber skills data analytics algorithm artificial intelligence cyber governance governance governance cyber cyber risk risk cyber cyber governance security security cyber cyber cyber skills risk skills data cyber data security cyber skills data posture shadow IT threat intelligence algorithm cyber risk cyber security cyber skills data analytics security automation security posture shadow IT threat analytics insider threat log files machine learning intelligence cyber governance cyber risk cyber security security posture shadow ITintelligence threat intelligence artificial intelligence cyber governance cyber risk posture shadow IT threat posture shadow algorithm IT threat intelligence algorithm intelligence algorithm artificial intelligence cyber malicious threat malicious phishing threat attack phishing security attack automation security automation artificial artificial intelligence intelligence cyber governance cyber governance cyber risk cyber risk posture shadow IT threat intelligence algorithm insider threat log files insider machine threat learning log files malicious machine learning malicious artificial intelligence cyber governance cyber risk algorithm artificial intelligence cyber governance cyber skills data analytics insider threat log files machine learning security security security automation automation automation security security security posture posture posture shadow shadow shadow IT threat IT IT threat threat intelligence cyber governance cyber risk cyber posture shadow IT threat intelligence algorithm analytics insider threat log files machine learning malicious threat phishing attack security automation threat phishing threat phishing attack security attack security automation automation security security posture shadow IT threat intelligence algorithm insider threat log files machine learning malicious threat phishing attack security automation security cyber skills data analytics insider threat log files machine learning security automation security posture shadow IT threat cyber security cyber skills data analytics insider insider threat log files machine learning malicious shadow IT threat intelligence algorithm artificial threat log files machine learning malicious threat intelligence intelligence algorithm intelligence intelligence algorithm artificial algorithm algorithm artificial intelligence artificial artificial intelligence cyber intelligence intelligence cyber cyber cyber malicious threat malicious phishing attack threat security phishing automation attack security automation algorithm artificial intelligence cyber governance threat phishing attack security automation security cyber cyber risk risk cyber cyber security security cyber cyber skills skills data data analytics analytics governance governance cyber risk cyber risk security cyber cyber security skills cyber data skills data cyber cyber risk risk cyber cyber cyber security risk security cyber cyber security cyber risk skills cyber skills cyber data security data analytics skills analytics cyber data analytics skills data analytics insider threat log files machine learning malicious analytics analytics insider insider threat threat log log analytics files files machine machine insider learning learning threat log files machine learning threat phishing attack security automation security cyber security cyber skills data analytics insider artificial intelligence cyber governance cyber risk artificial intelligence governance cyber risk insider threat log files machine learning malicious intelligence algorithm artificial intelligence cyber malicious threat phishing attack security automation threat log files machine learning malicious threat cyber skills data analytics insider threat log files machine learning algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics artificial intelligence cyber artificial governance intelligence cyber cyber risk governance cyber risk governance cyber risk cyber security cyber skills data security posture security shadow posture IT threat shadow intelligence IT threat intelligence artificial intelligence cyber governance cyber risk threat phishing attack threat security phishing automation attack security security automation security cyber risk cyber security cyber skills data analytics intelligence intelligence intelligence algorithm algorithm algorithm artificial artificial artificial intelligence intelligence intelligence cyber cyber cyber cyber security cyber skills data analytics insider cyber security cyber security cyber skills cyber data skills analytics data analytics insider insider malicious threat phishing attack security automation cyber security cyber skills data analytics insider security posture shadow IT threat intelligence posture posture shadow shadow IT threat IT intelligence threat intelligence algorithm algorithm artificial intelligence cyber governance cyber risk posture shadow IT threat intelligence algorithm intelligence algorithm artificial intelligence cyber artificial intelligence cyber governance cyber risk threat phishing attack security automation security governance governance cyber governance governance risk cyber cyber cyber risk cyber security cyber risk risk cyber security cyber security skills security cyber data cyber skills cyber skills data skills data data security posture security shadow IT posture threat shadow intelligence ITthreat threat intelligence cyber risk cyber security cyber skills data analytics threat phishing attack security automation security posture shadow IT threat intelligence algorithm algorithm artificial intelligence cyber governance cyber insider insider threat log log files files machine machine learning learning malicious malicious analytics analytics insider threat insider log threat files machine log files learning machine learning threat log files machine learning malicious intelligence cyber governance cyber risk cyber cybergovernance security insider insider threat threat insider log log files threat files machine insider machine log files threat learning machine learning log malicious files learning malicious machine malicious learning malicious threat phishing attack security automation security phishing attack security automation security posture malicious malicious threat threat phishing phishing attack malicious attack security security threat automation automation phishing attack security automation threat phishing attack security automation security governance cyber risk cyber security cyber skills data security posture shadow IT threat intelligence cyber risk cyber security cyber skills data analytics analytics insider threat log files machine learning algorithm artificial algorithm intelligence artificial cyber intelligence governance posture shadow IT threat intelligence algorithm threat log files machine learning malicious threat cyber security cyber skills data analytics insider cyber security cyber skills data analytics insider phishing attack security automation security posture posture shadow IT threat posture intelligence shadow IT algorithm threat intelligence algorithm insider threat log files machine learning malicious governance governance governance cyber cyber cyber risk risk cyber risk cyber cyber security security security cyber cyber cyber skills skills skills data data data insider threat log files machine learning malicious security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance artificial artificial intelligence intelligence cyber governance cyber governance cyber risk cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat artificial intelligence cyber governance cyber risk governance cyber risk cyber security cyber skills data threat log threat files log machine files machine learning learning malicious malicious threat threat posture shadow IT threat intelligence algorithm analytics analytics insider analytics analytics threat insider insider log threat insider files threat log machine threat files log machine log files learning files machine machine learning learning learning algorithm artificial algorithm intelligence artificial cyber intelligence governance cyber governance threat log files machine learning malicious threat insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk risk cyber security cyber skills data analytics insider threat threat phishing phishing attack attack security security automation automation security security malicious malicious threat phishing threat attack phishing security attack automation security automation cyber security cyber skills data analytics insider cyber skills data analytics insider threat log files machine learning threat threat phishing phishing threat attack phishing attack security threat security attack phishing automation security automation attack automation security security security automation security security posture shadow IT threat intelligence algorithm security security posture posture shadow shadow IT IT threat threat intelligence posture intelligence shadow IT threat intelligence posture shadow IT threat intelligence algorithm posture shadow IT threat intelligence algorithm analytics insider threat log files machine learning algorithm artificial intelligence cyber governance phishing attack security automation security posture insider threat log files machine learning malicious shadow IT threat intelligence algorithm artificial malicious threat phishing attack security automation cyber risk cyber cyber security risk cyber cyber security skills data cyber analytics skills data analytics threat log files machine learning malicious threat artificial intelligence artificial cyber governance intelligence cyber cyber risk governance cyber risk threat phishing attack security automation security analytics analytics analytics insider insider insider threat threat threat log log files log files files machine machine machine learning learning learning artificial intelligence cyber governance cyber risk phishing attack security automation security posture algorithm artificial intelligence cyber governance threat log files machine learning malicious threat shadow IT threat intelligence algorithm artificial cyber risk cyber security cyber skills data analytics threat log files machine learning malicious threat cyber security cyber skills data analytics insider analytics insider threat log files machine learning artificial intelligence cyber governance cyber risk malicious malicious threat malicious phishing malicious threat threat phishing attack threat phishing security phishing attack attack security automation attack security security automation automation automation cyber risk cyber cyber security risk cyber cyber skills security data cyber analytics skills data analytics threat phishing attack security automation security phishing attack security automation security posture threat log files machine learning malicious threat posture posture shadow shadow IT IT threat intelligence intelligence algorithm algorithm security posture security shadow posture IT shadow threat intelligence IT threat intelligence phishing phishing attack security attack security automation automation security security posture posture posture posture shadow shadow posture IT threat IT shadow threat posture intelligence IT intelligence threat shadow intelligence algorithm IT algorithm threat intelligence algorithm algorithm artificial intelligence cyber governance cyber risk algorithm algorithm artificial artificial intelligence intelligence algorithm cyber cyber governance artificial governance intelligence cyber governance phishing attack security automation security posture artificial intelligence cyber governance risk malicious threat phishing attack security automation cyber risk cyber security cyber skills data analytics threat log files machine learning malicious threat threat phishing attack security automation security security posture shadow IT threat intelligence insider threat log insider files threat machine log learning files machine malicious learning malicious artificial intelligence cyber governance cyber risk phishing attack security automation security posture shadow IT threat intelligence algorithm artificial posture shadow IT intelligence algorithm malicious malicious malicious threat threat threat phishing phishing phishing attack attack attack security security security automation automation automation intelligence cyber governance cyber risk cyber security cyber risk cyber security cyber skills data learning analytics insider threat log files machine learning malicious phishing attack security automation security posture threat log files machine learning malicious threat malicious threat phishing attack security automation cyber security cyber skills data analytics insider shadow IT threat intelligence algorithm artificial phishing attack security automation security posture intelligence cyber governance cyber risk cyber security security security posture security security posture shadow posture shadow IT posture threat shadow IT shadow intelligence threat IT threat IT intelligence threat intelligence intelligence insider threat log insider files machine threat log learning files machine malicious malicious posture shadow IT threat intelligence algorithm phishing attack security automation security posture artificial artificial intelligence intelligence cyber cyber governance governance cyber cyber risk risk algorithm algorithm artificial intelligence artificial intelligence cyber governance cyber governance artificial artificial intelligence artificial intelligence intelligence cyber artificial cyber governance governance intelligence cyber governance cyber cyber cyber risk risk governance cyber risk cyber risk cyber security cyber skills data analytics insider cyber cyber risk risk cyber cyber security security cyber cyber skills risk skills data cyber data analytics security analytics cyber skills data analytics shadow IT threat intelligence algorithm artificial cyber security cyber skills data analytics insider security posture shadow IT threat intelligence insider threat log files machine learning malicious shadow shadow IT threat IT intelligence threat intelligence algorithm algorithm artificial artificial posture shadow IT threat intelligence algorithm shadow IT threat intelligence algorithm artificial algorithm artificial intelligence cyber governance threat phishing threat attack phishing security attack automation security security automation security shadow IT threat intelligence algorithm artificial phishing attack security automation security posture artificial intelligence cyber governance cyber risk security security security posture posture posture shadow shadow shadow IT threat IT IT threat threat intelligence intelligence intelligence cyber skills data analytics insider threat log files machine learning cyber security cyber skills data analytics insider insider threat log files machine learning malicious intelligence cyber governance cyber risk cyber security threat phishing attack security automation security shadow IT threat intelligence algorithm artificial phishing attack security automation security posture security posture shadow IT threat intelligence cyber skills data analytics insider threat log files machine learning security algorithm algorithm artificial algorithm algorithm artificial intelligence artificial artificial intelligence cyber intelligence intelligence governance cyber cyber governance cyber governance governance threat phishing attack threat security phishing automation attack security security automation artificial intelligence cyber governance cyber risk shadow IT threat intelligence algorithm artificial cyber cyber security security cyber skills data analytics insider cyber risk cyber cyber risk security cyber cyber security skills cyber data skills analytics data analytics threat log files machine learning malicious threat intelligence cyber governance cyber risk cyber security threat log files machine learning malicious threat shadow IT threat intelligence algorithm artificial insider insider threat threat log log files files machine machine insider learning learning threat malicious log malicious files machine learning malicious threat log files machine learning malicious threat algorithm artificial intelligence cyber governance threat phishing attack security automation security artificial intelligence cyber governance cyber risk cyber risk cyber security cyber skills data analytics posture shadow posture IT threat shadow intelligence IT threat algorithm intelligence algorithm intelligence cyber governance cyber risk security intelligence cyber governance cyber risk cyber intelligence intelligence cyber governance cyber governance cyber risk cyber cyber risk security cyber security cyber security cyber skills data analytics insider algorithm algorithm artificial artificial artificial intelligence intelligence intelligence cyber cyber cyber governance governance governance intelligence cyber governance cyber risk cyber security threat phishing attack security automation security shadow IT threat intelligence algorithm artificial skills data analytics insider threat log files machine learning posture shadow IT threat intelligence algorithm intelligence cyber governance cyber risk cyber shadow ITalgorithm threat intelligence algorithm artificial algorithm artificial intelligence governance threat log files machine learning malicious threat cyber risk cyber cyber cyber risk cyber security cyber risk risk cyber security cyber cyber security skills security cyber data cyber skills cyber analytics skills data skills data analytics data analytics analytics posture shadow IT posture threat shadow intelligence IT threat algorithm intelligence algorithm intelligence cyber governance cyber risk cyber security threat threat log log files files machine machine learning learning malicious malicious threat threat insider threat insider log threat files machine log files learning machine malicious learning malicious cyber skills data analytics insider threat log files machine learning phishing attack security automation security posture threat threat phishing phishing attack attack security security threat automation automation phishing attack security security security automation security phishing attack security automation security posture phishing attack security automation security posture cyber risk cyber security cyber skills data analytics posture shadow IT threat intelligence algorithm intelligence cyber governance cyber risk cyber security insider threat log files machine learning malicious artificial intelligence artificial cyber intelligence governance cyber cyber governance risk cyber risk cyber skills data analytics insider threat log files machine learning cyber skills cyber data skills analytics data analytics insider threat insider log threat files machine log files machine learning learning threat log files machine learning malicious threat cyber cyber cyber risk risk cyber risk cyber cyber security security security cyber cyber cyber skills skills skills data data data analytics analytics analytics cyber skills data analytics insider threat log files machine learning posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk intelligence cyber governance cyber risk cyber cyber risk cyber security cyber skills data analytics intelligence cyber governance cyber risk cyber security insider threat insider insider log threat insider files threat log machine threat files log machine log files learning files machine machine learning malicious learning learning malicious malicious malicious artificial intelligence artificial cyber intelligence governance cyber cyber governance risk cyber risk cyber skills data analytics insider threat log files machine phishing phishing attack attack security security automation automation security security posture posture threat phishing threat attack phishing security attack automation security automation security security phishing attack security automation security posture shadow IT threat intelligence algorithm artificial posture posture shadow shadow IT IT threat threat intelligence posture intelligence shadow algorithm algorithm IT threat intelligence algorithm shadow IT threat intelligence algorithm artificial insider threat log files machine learning malicious artificial intelligence cyber governance cyber risk cyber skills data analytics insider threat log files machine learning threat phishing attack security automation security shadow IT threat intelligence algorithm artificial phishing attack security automation security posture insider insider insider threat threat threat log log files log files files machine machine machine learning learning learning malicious malicious malicious artificial intelligence cyber governance cyber risk insider threat log files machine learning malicious cyber skills data analytics insider threat log files machine learning threat phishing threat threat phishing attack threat phishing security phishing attack attack security automation security security automation security automation automation security security learning malicious threat phishing attack security shadow shadow IT IT threat threat intelligence intelligence algorithm algorithm artificial artificial posture shadow posture IT shadow threat intelligence ITattack intelligence algorithm algorithm intelligence cyber governance cyber risk cyber artificial artificial intelligence intelligence cyber cyber governance artificial governance intelligence cyber cyber risk cyber risksecurity governance cyber risk shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber threat phishing attack security automation security posture shadow IT threat intelligence algorithm shadow IT threat intelligence algorithm artificial threat threat threat phishing phishing phishing attack attack attack security security security automation automation automation security security security intelligence cyber governance cyber risk cyber security threat phishing attack security automation security posture posture shadow posture shadow IT posture threat shadow IT shadow intelligence threat IT threat IT intelligence threat algorithm intelligence intelligence algorithm algorithm algorithm automation security posture shadow IT threat intelligence intelligence cyber cyber governance governance cyber cyber risk risk cyber cyber artificial intelligence artificial intelligence cyber governance cyber governance cyber risk cyber risk posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk intelligence cyber governance cyber risk cyber security intelligence cyber governance cyber risk cyber posture posture posture shadow shadow shadow IT threat ITIT threat threat intelligence intelligence intelligence algorithm algorithm algorithm cyber skills data artificial intelligence algorithm artificial intelligence cyber cyber artificial governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning
INDEX
Cyber security governance in organisations is changing: European executives are now taking a greater role in strategic decision-making. 08 editor’s viewpoint
C-suites know that there’s no real opt-out for digital transformation; but it’s essential, in the dash to digitalise, that the digitally-transformed do not then become the digitally-exposed.
10 HEADS-UP TO CLOUD AND CYBER SECURITY EXPo 2019
Tom Vine, Group Event Director for this year’s show, introduces the key themes of the 2019 Expo, and explains what’s in store for Cyber Security Europe readers visiting ExCel London on 12-13 March.
EVENT NEWS
12 news round-up
Companies warned: now the value of your data is at risk. Chief officers’ conceit is a security liability. FCA: cyber risk ‘must be better managed’. Good security staff still hard to find. GDPR breach levels are on the up. Study warns: over-stressed CISOs are close to burn-out.
19 VIEWPOINT: new business model of cyber crime
As cyber criminal groups scale-up in their organisation and ambition, a strange skills parity has emerged between the Black Hat gangs and the organisations they target, says David Warburton at F5 Networks.
20 Internet of things cyber SECURITY
TARGETS
As more trendy office appliances become internet-connected, could businesses be creating fresh opportunities for future cyber threats to sneak past IT security barriers and disrupt with-it workplaces?
HIT LIST 28 When it comes to extracting value from stolen data, cyber criminals are highly versatile. As the digitalised world fills with data of many different kinds, they find new ways to profit from it. We highlight 10 types of targeted data – and what makes it so desirable.
O4
nce cyber risk data
y g
30 RUN FOR COVER: CYBER INSURANCE
Cyber risk insurance seems like a straightforward proposition, but it’s essential that organisations get their IT security in shape beforehand.
40 HEAD TOWARD cloud SECURITY
Many organisations not only feel more secure about migrating all of their sensitive data into cloud-based service: some, in fact, believe that it’s the safest place for their critical data to reside; are they right?
48 ai security: who know?
Now Artificial Intelligence (AI) can be bolted onto cyber security: many businesses believe it will boost resilience – but can it also improve your risk insight when it comes to addressing your insider threats? Many organisations evidently believe so, as take-up of AI solutions for IT security purposes continues to increase.
INTERVIEW
IAN THORNTON-TRUMP 44 The Head of Cyber Security for global underwriters AmTrust International, and Cloud & Cyber Security Expo 2019 keynote speaker, shares his expert perspective on key issues that shape cyber threats’ impact on our lives, and explains why he believes security will prevail.
O5
contents
cybersecurityeurope
Director Alexander Collis Managing Editor James Hayes Creative Director – Digital/Print Lee Gavigan Operations and Production Alena Veasey Accounts Controller Martin Reece Project Services Alex David, Adam Croft, Helen Sinclair, Eddie Samuel
Cyber Security Europe is produced and published by World Show Media Ltd Tel: +44 (0) 203 960 1999 Fax: +44 (0) 845 862 3433 Website: worldshowmedia.net For all sales enquiries: alex.david@worldshowmedia.net For all corporate enquiries: corporate@worldshowmedia.net
52 STEP UP TO CYBER RISKS
A multi-step strategy to innovatively manage today’s range of cyber risks can help minimise threat exposure – and ensure speedy recovery if attacks occur. Maninder Bharadwaj at Deloitte India, outlines a strategic model of risk lifecycle management.
54 turing’s lasting legacy
TOP-DOWN VIEW
Tomorrow’s AI-based cyber defences owe much to Alan Turing’s genius, but enterprise leaders can also learn from his diversity-based approach to problem-solving.
58 securing industry 4.0
To meet their fullest potential, Industry 4.0 programmes must apply holistic cyber-savvy thinking to all aspects of the industrial processes to be digitally transformed. These technology trends have sparked the imagination of executives in the industry.
62 blockchain for cyber securitY?
The market thinks blockchain mostly as a way of securing cryptocurrency transactions, but the core principle also has a future in finding and fixing the security vulnerabilities that exist in enterprise defences by powering a threat hunt validation platform.
66 editor’s EXPO picks
O6
Highlighting two notable solutions being showcased at Cloud & Cyber Security Exp 2019: Osirium’s PxM Platform and Variti’s Active Bot Protection.
Cyber Security Europe is published by World Show Media Ltd. It provides business and government executives with the intelligence and insight required to prepare their organisations for the ever-changing cyber threat landscape. Copyright © 2019 World Show Media. All rights reserved. No part of this publication may be reproduced, stored in any retrieval system or transmitted in any form or by any means, electronic, photographic, recording or otherwise, without the prior permission of CloserStill and World Show Media. The ‘Cloud & Cyber Security Expo’ trademark is owned and protected by CloserStill. While every effort is made to ensure information is correct at the time of going to press, neither the publisher nor event organiser can be held responsible for any errors, omissions and changes to the event programme and publication content.
“JUST OKAY” IS NOT GOOD ENOUGH. IT’S TIME YOU LOOKED BEYOND THE FIREWALL FOR NETWORK SECURITY.
With Data Diode cybersecurity technology, you can securely transfer data one-way between segmented networks.
Stop cyber threats dead in their tracks with Owl data diode hardware cybersecurity. Meet us at Cloud and Cyber Security Expo March 12-13 • London • Stand #S4740 @owlcyberdefense
owlcyberdefense.com
viewpoint
cybersecurityeurope
C-suites know that there’s no opt-out for digital transformation; but in the dash to digitalise it’s essential that liabilities are not overlooked. A RECENT FORECAST FROM ANALYST IDC PREDICTS THAT BUSINESS SPENDING on information and communication technology (ICT) will be ‘caught in the crossfire of headwinds and tailwinds’ and a ‘softening global economy’. This will put on pressure organisations’ ability to grow technology budgets, and – as their competitiveness becomes more dependent on advanced tech like Artificial Intelligence and data analytics – their digital transformations. The actual meaning of ‘digital transformation’ has been rehashed many times, and remains open to redefinition as successive phases of technological evolution set their aims and objectives. One truism, however, has emerged: digitally-transformed organisations are digitallydependent organisations: it’s digitalise or die. But while for many digital transformation is largely deemed a force for positive change, leading organisations are also starting to discover that it brings its own kind of risk. According to a study from the Ponemon Institute (on behalf of cyber exposure solutions provider Tenable), digital transformation has also created ‘a complex ICT environment of cloud, DevOps, mobility and IoT, where everything is connected as part of the new, modern attack surface’. This has opened a ‘massive gap’ in organisations’ ability to truly understand their cyber attack exposure at any given time’, the study reports. It further warns that, in their rush
to become digitally-transformed, organisations have also become digitally exposed, by rapidly embracing new technologies without applying the diligence that they are cyber secure. This is an area where it’s imperative that the c-suite and the IT function collaborate closely and share respective expertise and best practice. Business dynamics now move so rapidly that executives face a major challenge to keep-up with market conditions and set strategy on a
Complex ICT environments where everything is connected open a gap in organisations’ attack exposure. course that rides the currents of opportunity and avoids the riptides of recession. The IT crowd, meanwhile, has to keep abreast of a solutions market that’s burgeoning rapidly across the IT estate – even cloud options have become complex and diverse. Total digital reliance means IT governance becomes too important to the enterprise mission for it to remain the sole responsibility of a single directorate. James Hayes
Cyber Security Europe is committed to engagement with its readership: if you have feedback on issues raised in this edition, I’d be pleased to receive it – via email – at the address given here on the right.
O8
DETAILS Please contact: | james.hayes@ cseurope.info
Cyber Security for your IT and industrial infrastructure Find out more about us: • SOC Services • OT Security – from Maturity Check to Risk Assessment • OT Asset Discovery & Analysis • IT Security Awareness • Cyber Range simulations and training platform for IT professionals
Trusted in
Cyber Space Trusted in
Outer Space
Trusted in
Aero Space
More information about our products and services on our website
www.airbus-cyber-security.com
welcome
cybersecurityeurope
WELCOME Be aware: we are now all living in a world of total reliance on data, explains Cloud & Cyber Security Expo Group Event Director Tom Vine. SECURITY IS NOT JUST FOR THE IT TEAM. IT NOW IMPACTS EVERYONE AND IS AN imperative consideration for the entire business. Security stretches beyond the boundaries of the core business, out to the edge, to billions of interconnected devices: on the cloud, mobile devices and IoT, all of which are in transit, and can potentially be a moving cyber target. The challenge now is in the need to balance innovation and productivity with functional cloud and cyber security. Cloud & Cyber Security Expo 2019 is the only place that gives you everything you need to learn, wherever you are in your digital transformation journey, and to stay safe in an increasingly hostile digital environment. It is quite simply the industry-leading event for digital-age guardianship. You will hear from more than 200 expert speakers covering many key topics, and meet over 150 providers offering leading cloud and cyber security services and solutions. And that’s not all. Because bespoke
BIO
technology solutions rely on multi-cloud environments, Cloud & Cyber Security Expo is part of the UK’s largest technology event: it incorporates Cloud Expo Europe, DevOps Live, Smart IoT, Big Data World, AI Tech World, Blockchain Technology World and Data Centre World. Attendance brings you access to eight events with one ticket – all for free.
The challenge now is the real need to balance both productivity and innovation with cloud and security. It’s no wonder that Cloud & Cyber Security Expo is the UK’s highest-attended enterprise technology event! So make sure that you save the data: join us on 12-13 March 2019 at ExCeL. I look forward to seeing you there! Tom Vine
TOM VINE, GROUP EVENT DIRECTOR, CLOUD & CYBER SECURITY EXPO Tom Vine has over 15 years’ experience of launching and directing events in the media, healthcare and technology sectors. He runs Cloud & Cyber Security Expo and Big Data World in London and Germany.
10
DETAILS For more information please go to: | cloudsecurityexpo.com
NEWS & products
cybersecurityeurope
A selection of news and views from Cloud & Cyber Security Expo exhibitors, plus latest updates for cyber-savvy executives
NEWS ROUND-UP
Businesses are increasingly convinced about value of Artificial Intelligence, while senior techies are under more personal stress in their roles… Malware attacks up, data breach notifications on the rise... Boards in the financial sector should think about appointment of cyber-skilled non-executive directors, says the FCA... 15BN
POST-BREXIT SECURE
+13%
The UK’s National Cyber Security Centre (NCSC) has affirmed its post-Brexit cooperation plans with other European national security agency partners. “Whatever form the future relationship between the UK and the European Union takes beyond 29 March, the Prime Minister and her Cabinet have long made clear that our support to European security as a whole is unconditional,” its CEO Ciaran Martin told audiences at the CYBERSEC Forum in Brussels in February. “Nearly all of the functions of the UK NCSC fall outside the scope of European Union competence,” Martin added. “It follows therefore that our enhanced co-operation with European partners, and the EU as a whole, in cyber security over recent years is not automatically affected by the UK’s changing relationship with the EU.” | ncsc.gov.uk
CLOUD & CYBER SECURITY EXPO 2019
-12%
$11.3 BN
$ 9.9 BN
9.8 BILLION 0 2019
2023
2024
CYBER SECURITY ANNUAL GLOBAL GROWTH Cyber security revenues will jump to $223.7bn during 2019 – from a 2018 high of $160.2bn – as the expenditure focus moves to GDPR adherence and adherence to similar legislative compliances, according to new predictive analysis from Rethink Technology Research. After a growth spike of $11.2bn next year, growth drops to around $9.9bn by 2023, but is set to jump again (to $11.3bn) in 2023/2024 as AI-based cyber security solution investments kick-in, reaching a new total spend of $223.7bn. This will have the effect of increasing, rather than reducing, demand for skilled cyber security personnel, the report warns. The report also points out that cyber security spending will rise faster than total IT budgets as a whole over the five years to 2024. | rethinkresearch.biz
THE SHOW IN BRIEF...
Cyber security has always been a fast-moving sector. Now the pace of technological change means that it moves faster than ever, in terms of both threats and solutions. Information security is no longer just for
12
+13%
$11.2 BN
the IT team to concern itself with: it now impacts everyone within an organisation, be it public sector, commercial, or non-profit, and
NEWS & products
cybersecurityeurope
ANDROID BUSINESS BOOST The use of tablet PCs and handheld devices that run on the Google Android operating system are on the rise in commercial organisations, but cyber security remains a concern, according to an investigation by Panasonic Business. On average, 72% of tablets and handheld devices in businesses (excluding smartphones) use the Android, Panasonic Business found, with 60% of device buyers saying Android was ‘still being integrated’ into their organisations; the number of devices is expected to rise, with the majority seeing growth into the 2020s. The top three benefits of Android over other operating systems were said to be flexibility (59%), security (58%) and affordability (52%). However, security remains a concern in that businesses quizzed believe they should be security-updating their Android devices much more – on average four times a year more than for other operating systems used. | business.panasonic.co.uk/computer-product/android-on-the-march
ECSO – the European Cyber Security Organisation – concluded its first High Level Roundtable on Europe’s Cyber Future in Brussels in February, with a debate around how the European cyber security ‘ecosystem’ can be developed. European Commission Vice President for the Digital Single Market Andrus Ansip emphasised the need to have a strong European cyber security industry, which will ensure the European Union keeps up with the technological developments and is “able to ensure its cyber readiness and resilience” – an area where the publicprivate partnership on cyber security can play a vital role in the 2020s. European cyber security industry representatives said that Europe has a ‘strong and innovative cyber security basis’. If it wants to be a leader in the global tech race, however, the EU needs a ‘comprehensive, agile cyber security strategy’, built on ‘co-operation between industry, research and public sectors’ at a pan-European level. | ecs-org.eu
CLOUD & CYBER SECURITY EXPO 2019
Number of data breaches notified from 25th May 2018 to 28th January 2019*
CO-OPERATION IS KEY
59K GDPR NOTIFICATIONS ACROSS EUROPE, FINDS STUDY More than 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations since the General Data Protection Regulation – GDPR – came into force in May 2018. According to the GDPR Data Breach Survey from law firm DLA Piper, Germany, the UK and the Netherlands are the highest-offending countries, with approximately 15,400, 12,600, and 10,600 reported breaches, respectively. “GDPR completely changes the compliance risk for organisations which suffer a personal data breach due to revenue based fines and the potential for US style group litigation claims for compensation,” says DLA Piper Partner Ross McKean. “The regulation is driving personal data breach out into the open.” | dlapiper.com
THE SHOW IN BRIEF – CONTINUED
is an imperative consideration for the business as a whole – and that includes senior management. Cyber security stretches beyond the boundaries of the core business, out to the edge and into the cloud;
14
mobile and Internet of Things (IoT) devices, all of which are in transit, and can potentially be a moving ‘cyber target’.
FINANCE NEEDS CYBER SKILLS A review of how well boards and their management committees understand and manage the cyber risks they face has revealed that many should take more proactive steps to foster a security-centric culture that transforms cyber from an IT issue to an organisationwide priority. The Financial Conduct Authority (FCA) conducted the review with a sample of 20 firms in the asset management and wholesale banking sectors. It found that firms polled generally lacked board members with ‘strong familiarity’ or specific technical cyberexpertise. Many signalled that this was ‘because of their size’, ‘low risk-profile’, or the limited availability of that cyber awareness in the wider independent non-executive director community. Firms that rely exclusively on IT teams to own cybersecurity may find this ‘limits the extent to which their IT strategy is independently challenged’, the FCA found. | fca.org.uk
CYBER RISK ‘MUST BE MANAGED’
CHIEFS’ CONCEITEDNESS IS SECURITY HOLE Senior executives are still often the ‘weakest link’ in the corporate cyber security chain, and encourage cyber criminals to target their vulnerabilities to commit serious data breaches. A report from outsourced infrastructure and data storage specialist The Bunker has revealed that many senior executives ignore the threat of hackers and cyber criminals, and often conceitedly feel that security policies in their organisations ‘do not apply to their unique position’. In reality, however, their often privileged access to company information makes their personal accounts ‘extremely valuable’ to exploit, and also heightens the need for extra care, the report – How Senior Executives Can Avoid Breaking the Cyber Security Chain – found. | thebunker.net
A driving challenge now is in the need to balance innovation and productivity with functional cloud and cyber security. Delivering a
Some 60% of organisations across Europe suffered two or more business-disrupting cyber attacks – causing data breaches and/or disruption/downtime to business operations, industrial plant or operational equipment – in the last 24 months. Some 91% of respondents to a study from the Ponemon Institute, on behalf of cyber exposure management provider Tenable, suffered at least one such cyber incident during the same time period. Despite the incidence of damaging attacks, the Measuring and Managing the Cyber Risks to Business Operations report found that 54% of organisations do not measure – and therefore fail to understand – the total business cost impacts of cyber risk. This lack of rigour ‘leaves boards of directors in the dark about the true cost of cyber risks to their organisations’. Without confidence in the accuracy of their measures, CISOs and other security executives are ‘reluctant to share critical information about the business costs of cyber risks with their boards’. Expo Stand | S4642 | tenable.com
programme of solutions-focused content, case studies, speakers and exhibition floor of providers, Cloud & Cyber Security Expo 2019 gives you what you need to stay safe in a hostile digital space. Technology-enabled change is on the boardroom agenda for organisations of all types and sizes. Whether you are
15
NEWS & products
cybersecurityeurope
GOOD STAFF STILL HARD TO FIND Tripwire surveyed 336 IT security professionals to explore recruitment trends: how security teams are changing, and how they plan to address the most challenging issues that confront them in the face of growing cyber threats. It found that most organisations experience more difficulty in finding skilled cyber security professionals, that they are understaffed, and that they feel at risk of losing the ability to maintain key cybersecurity programs. Findings also suggest that skills gap-related issues are worse in comparison to responses to similar research conducted in August 2017. Asked if they felt that their IT security team was up-to-strength in terms of headcount, only 14% say that their team was ‘the right size’; 67% of respondents report that their team is ‘slightly understaffed’, and 18% are ‘grossly understaffed’; a fortunate 1% of respondents admitted that their teams are ‘overstaffed’. Expo Stand | S4712 | tripwire.com
BREACH LEVELS UP (AGAIN) The UK’s cyber threat environment is intensifying, with 88% of UK organisations having suffered a breach in the previous 12 months, according to the latest edition of the Threat Report from cloud-based endpoint security provider Carbon Black. The average number of breaches over the last 12 months (2018-2019) per organisation polled was 3.67, and 87% of those organisations have seen an increase in attack volumes, with 89% of respondents confirming that attacks have become ‘more sophisticated’. Each of the public sector departments surveyed by Carbon Black – that’s in both central government and local authority – reported being breached in the past 12 months, suffering 4.65 breaches, on average. Of these, 40% have been breached ‘more than five times’. In the private sector, the survey indicates that Financial Services are the most likely to report a breach, with 98% of the surveyed companies reporting breaches during the past 12 months. | carbonblack.com
CLOUD & CYBER SECURITY EXPO 2019
642
505
347
347
COMMERCE WARNED: YOUR DATA VALUE IS AT RISK Organisations could incur $5.2trn in additional costs and lost revenue by 2024 due to cyber attacks, reports Accenture, as dependency on complex digitallyenabled business models outpaces the ability to introduce safeguards that protect critical assets. Based on a survey of more than 1,700 c-suite executives across 13 countries (including France, Germany, Italy, Spain, Switzerland, and the UK), the report – Securing the Digital Economy – explores the complexities of the internet-related challenges facing business and outlines imperatives for CEOs’ evolving role in technology and governance. The top ‘data value-at-risk’ (sectors shown above, cumulatively 2019-2023) are High-Tech, Life Sciences, Automotive, Consumer, Banking, and Healthcare. | accenture.com
THE SHOW IN BRIEF – CONTINUED
cloud-first, scaling-up, refining, or just getting started. The event is subtitled ‘Securing digital transformation’: this highlights the challenges faced by organisations as they plan to reinforce their cyber
16
385
Forecast ‘Data value at Risk’ – figures in $bn. Source: Accenture Research.
753
resilience while they reinvent their enterprise ICT (information technology and communications) systems to make them fully fit for
EXPO SEMINARS: EDITOR’S PICKS Securing a digital workspace across multiple hybrid clouds Speaker: Gerard Lavin, Senior Systems Engineer, Citrix Systems Date: 12.03.2019 Time: 11:50-12:15AM Location: Techerati Keynote Theatre
SECTOR FOCUS: AIRPORTS According to latest research by ICT provider SITA, 89% of airline CIOs plan a ‘major program’ around cyber security initiatives through to 2021, up from 71% in its 2017 survey. This percentage is higher for airports: 95% of terminals plan major programs over the next three years. Business continuity, through the protection of operational systems and processes, remains the priority for 57% of airline and airport senior executives polled. As a result of the heightened focus, spend on cyber security is increasing, reaching $3.9bn in 2018. The research indicates that airlines invested 9% (on average) of their overall IT budget on cyber security in 2018 – up 2% on 2017 figures. Airport investment in cyber security in 2018 is set to rise to 12% of overall IT budgets in 2018, also up 2%. Executives are ‘keenly aware’ that ‘greater strides’ must be made to implement proactive IT security measures. sita.aero/resources/type/surveys-reports/air-transport-cybersecurity-insights-2018
COP SHOP COMPROMISE How difficult is it to hack into a UK police station? According to Jake Moore (left), Security Specialist at ESET, it’s rather less challenging than you might expect. In his Seminar presentation to be given at this years Cloud & Cyber Security Expo 2019, 13th March/11:25-11:50AM, Jake Moore will explain how, with the use of social engineering, insider knowledge, Google searching and good timing, he was able to gain access to a police station network and gain highly confidential data. The aim of the experiment was to demonstrate the “sheer impact on what can be achieved if a targeted attack were to occur,” says Moore, who previously worked for Dorset Police primarily investigating computer crime, in the Digital Forensics Unit, across a range of offences. Expo Stand | S4505 | eset.com/uk
business in the coming decade of the 2020s. Cloud & Cyber Security Expo 2019 is a prime opportunity for Cyber Security Europe readers
New era for data protection: Converged Disaster Recovery and Backup Speaker: Steve Blow, Tech. Evangelist, Zerto Date: 12.03.2019 Time: 1:10-1:35PM Location: Infrastructure, Storage & Virtualisation Cloud-ready networking: Are we there yet? Speaker: Len Padilla, VP Global Products, NTT Communications Date: 13.03.2019 Time: 10:25-10:50AM Location: Connectivity Zero trust architecture: Buzzword or strategy? Speaker: John Sherwood, Chief Architect, The SABSA Institute Date: 13.03.2019 Time: 1:40-2:05PM Location: Connectivity Securing your software supply chain Speaker: Steven Thwaites, Director Solutions Engineering, Docker Date: 13.03.2019 Time: 3.55-4:20PM Location: Multi-Cloud Strategy & Management
FULL CONFERENCE
to hook-up with leading information tech innovators and service providers; network with peers and colleagues; access a wealth of insight and knowledge (this includes emerging trends, tech ‘deep dives’,
17
NEWS & products
cybersecurityeurope
TECHIES UNDER STRESS C-suite techies are subject to high stress in their role, with 91% of respondents to a survey by Nominet reporting that they suffer ‘moderate or high stress’, with 60% saying that they ‘rarely disconnect’ from their jobs. The report, Life Inside the Perimeter, also found that CISOs are also working long hours: 88% of those polled are working more than 40 hours a week, while 22% say they have to be available 24/7. Other findings include: 8% believe their board members are indifferent to the security team, or see them as ‘an inconvenience’; 32% of those polled believe that, in the event of a successful cyber security breach, they would either lose their jobs or receive an official warning of some kind. “CISOs need to be given the resources and support to tackle the threats [their organisations face],” warns says Nominet CEO Russell Haworth. “If they aren’t, then the board must face the consequences...” | nominet.uk
2
2 2
4
C1662 Nasuni
2
2
C1663
C1664
9
Clearvision
Coservit
3
5
C1762
6
3
Printerlogic GmbH
C1745
9
6
6
4
6
2
C1642
C1545
India Pavilion
Rubrik
4
4
3
2
3
3
All In Mobile
OneStream Networks
CEE11
12 6
India Pavilion
India Pavilion
6
2
2
2
3 4
C1741
OpsRamp
2
3
9
Diskshred
5
5
4
2
2
C2257
Puppet
C3255 C3258
6 5
Twistlock 4
7
C2245
4
7
C2242
12
3
Netrounds
3
2
5
Impartner 8 4
C2244
4
3
13
Enterprise CIO, CISO & VIP Lounge 12
7
9 C2135 ThousandEyes
2
2
CSP & Security VIP Lounge
12
C2130 Pulsant
6
8
C1735
Amito
6
5
3
CLOUD & CYBER SECURITY EXPO 2019
15 4
C1826
C1925
C1825
4.5
Veeam Software
K3 Starcom
C1710
5 10
5
NTT Communications
3
3
6
C1920 7
4
C1812
6
C2028
C2120
C2124
6
AVI Networks 6 6
4
6
8
Densify
C1810 T-Systems
Cloud Gateway
C1910
GAMMA
6
6
Railwaymen
C2010
3
9
C2210
GTT Communications 6
6
Epsilon Telecommunications
4
6
4
7
CSM
4
2
2
8
2
C1801
4
Devskiller
3
C1802
Big Switch Networks
3
C1803
2
6
1.5 2 3
4
3
6
3
3
7
C1901 WPD Telecoms
3 C2001
3
3
PAESSLER Network Monitor
2
9
3
nCipher
5
4
4
3
3
Crowdstrike
3
3
Fractal Industries
5
S4640
Trend Micro
3
6
6
6
CSE4
10 12
6
8
S4420
4
Alert Logic
Tenable
3.5
2.5
3
3
Security of 10 Things Theatre
6
S4428
10
3
10
Cyber Threats, Intelligence & 10 Response Theatre
S4410 6
S4510
SI1 Vade Secure
Exasol
SI3
6
SI4
13
SI5
SI8
6
6
Echoworx
6
6
2
6 6
S3200 S3202 Distology 3 StayPrivate
3
S3204 Kaseya Ltd
4
Cloudflare
SSL247
6
6
ESET
6
6
3
3
4
2 3
6 3
S3206 S3302 S3304 S4401 Invest NI Wizard 3 Keeper Security Cyber
2
6
2
S4714
6
3
S4715
Pyxis 3 4 Edge
S4712 S4713 Senetas Tripwire Europe 3
5
CloverD
B514
B4940 B4944
3
3
3
3
6 BlueD
2
ForePaaS
Data Analytics & BI Theatre Sponsored by
13
3
3
Datameer
Studio Intelligence
12
Splash BI
2.5
6
B4932
3
3
3
Fortinet
3
6
6
6
6
2 4
B5
3 C
B5010
National Express, Amazon, Lloyds, Lowell Group, Save The Children, John Lewis, Microsoft, Elsevier, and National Crime Agency.
3
3 B503
2
3
3 Yello
3
3
6
3
B50 3
Hitachi Vantara
5
3 3
B50
3
3 FiveTran SoftServe 3
6
2
3
B4910 TIMI
Gos
2 2
B5005
3
6
2
6
4
B4801 B4802 SQream 3
Zoo
5
6 3
Qubole
B5
3
B4920 B4923 3
1
B5
2
ZOHO
Up
2
B4915 B4917
3 SNOWFLAKE Crimson Macaw
THE SHOW IN BRIEF – CONCLUDED
Acrotrend
3 Youredi
6
B4701
Dremio
3
Equifax 4
3
3 3
3
B4815 B4818 Sky
3 3
3
B
4 1
B4925 B4927
Visokio
3
B4810
Use our floorplan QR code link (left) to maximise your time at Cloud & Cyber Security Expo 2019, and ensure that you find key exhibitors and speaker presentations. The event sits at the heart of one of the most comprehensive technology industry events taking place this year. It runs alongside its seven co-located events: Cloud Expo Europe, DevOps Live, Smart IoT, Big Data World, AI (Artificial Intelligence) Tech World, Blockchain Technology World and Data Centre World. More than 150 exhibitors will be there. The Cloud & Cyber Security Entrance from the central ExCel boulevard leads visitors directly to that part of the exhibition. | cloudsecurityexpo.com/exhibitor-list
lessons learned, and new market forecasts. The multi-streamed two-day Cloud & Cyber Security Expo 2019 conference and seminar programme includes speaker presentations from organisations like
2
B5145
B4930 B4936
B4820 B4825
3 4
6
Attunity VoltDB 5
3 InfluxData
S4710
Symantec
5
B4826 B4827
Hastings 3 Direct
3
6
MongoDB WANdisco 6
Sponsored by
6
S4719 B4720
3
4
2 2
2
6 Data Management & Integration 12 Theatre
2 2
2
6 3
Tealium 5
S4720 B4725 6
S4610
S4505
DataStories
Rublon
3
3
S4615
B5140
B4945 B4948
Redis 5 Labs
SI7 Scorpion Bonus
3
6
EASY GDPR
3
2
1
B4730
SI6
3
6
B5045
2
6
2
3
6
2
3
BDW3
3
6
Neustar
12
B4735
6
6
AI K 13
SI2 Viascreen
3
S4411
Bitglass
Alooma 5
3 My1Login Algorithmia 3
4
Oracle
3
3
3
Avast Business 6
S4620 6
S4415 S4418 Code 42 S4412
Cyber Innovations & 10 GRC Theatre
1
Astera MariaDB 3 Software
BDW2
B4740
3
3 Help Systems
2
3
3 2
S4740 Striim 6 Owl 4 Cyber
S4630
2
Barracuda 6 eSentire 6 Security Networks Strategies & 10 Service Providers 4 4 Theatre 2 3
3
3 Heficed
CSE6
NTT Security
4
3
SafeGuard Cyber
4
5
S4642
S4632 S4635
6
Illumio 5 3
B4850 B4855
3
Cloudera
3
S4748 B4745
6 GlobalSign Egnyte 6
6
Sponsored by
3
S4645 S4648 5
Big Data World Keynote Theatre
3 DarkTrace
6
6
1 3
T4750
S4742 B4750
Malwarebytes
BDW5
14
6
2
8
Sophos
12
CSE3
S3210 LogMeIn 3
2
7
C2005
3
4
4
2
S4745
NCP
5
3
3
T4652 T4654 Pragmasoft
2
2
Iconics
3
S2450
S4339
Tessian
4
S3214 3
DOWNLOAD THE C&CS EXPO 2019 FLOORPLAN 10
10
2
Mcafee
7
9
C2110
4
S4345
S4430
S3215
BMC
3
C2012
3 M24Seven
C2222 4
Germany Trade & Invest
DUO S3220 IXIA 4
2
3
S4333
CSE2
S3225
8
2
T4660
S4647 3
S4334 S4330
4
4
6
4 C2015
3
C2014
3
2
2
6
3
7
Cisco
8
Digital Transformation 9 Theatre
7
6
3
C2225
CEE10
C2020
4
3
13 3
5
6 S4338 PenTest People
2
Palo Alto Ft. RedLock
S4540
IRM 4
3 Bitdefender
3
BLUE 6 CHIP
Asigra
9
Mellanox
3
9
Citrix
6
C1820
2 9
C2026
6
4
UnboundTech
2
5
BDW1 T4760
3
2
6
S4542 S4543 3
2
T4663
3
T5268 T5266 3 Embiq
3
4
S4442
6
2
12
6
9 3
4
3 Redcentric 5
C1822
2
6
Cloud & Cyber Security Keynote Theatre
2
3
Cyxtera 5 Technologies
5
4
6
Streams
S4440
S4335
9
ASL Holdings
2 2
Kingdom S4445
2
Capita
4
3
CSE1
4 3 T4348 T4349 Untitled Codete
JuliaSoft
S4337
2
2
3
S4341
8
IBM
9
CSE5
6
T4560 T4561 4 Codibly Steady 3
3
3
S4340
5
3
Crimson 3 Tide 3
2
2
C3240
LogicMonitor
5
4 12
C3250
T4563
Asure 3 Software
T4460 T4461 3
Global Control
S4345
Smart Monitoring
3
3
T4346
2
Sumo 7 Logic
7
ECS Digital Partner Village
5
2
3
3
T4770
2
3
3
2
3
T4463 T4462 3
T4360 T4361 Airly Daizy 3
2
4
2
9
2
12
C1730
5
China Telecom 5 (Europe) Ltd
C1601
18
5
Cato Networks 2
4
4
4
4
2
3
Telefonica 6
6
3
T4774
6 3
T4363 T4362
3
7
C1614 C1612
5
3
3
C2155
C2140
4
3
3
6
KTN InOvate 10 Launch Pad
4
3
C2252
15
CEE8
Asteria 5
5
C2255
7
4
vXtream
6
9
C2042
C2040 4
UKFast
7
5
Zadara C1720
C1610
2
6
8
T4371
T4370
5
T3260
10
T4373
Codico
3
C2150
3
8
4.5
4.5
C1725
9
3
4
4
C1505
Iomart
8
3
6
Siemens
6
4
7
ConnectWise
2
3
6
6
DevOps Innovations Theatre
7 3
C2045
6
5
3
C2051
4
6 4
4 C1838 Bacula Systems
4
10 5
10
C1510
C1940
2
Arrow
6
T2160
CEE6
Chef
2
3 Openledger Innovetec 3
2
3
3
3
2
T2272
T3270 Advancis
3 Nytec 3
3 C2053
Mendix C2052
T2260
3
2
4
Multi-Cloud Strategy & Management Theatre
dhosting.com
3
2
2
SENUTO
2
2
4 C2055
3
C1958
5
3
3
7
Avalara 6
8 4
Zerto
Docker Showcase 5
6
8
AIC Inc.
C1830
10
CEE9
5 3
3
T4863
T2161
6
T2270 Advantech
3
5
2
T4862 3 IQRF 3 3 Q-Sphere
C2054 C2050 C1952 Morpheus Harness 3 3 Databarracks 3 3 2 2 Data
Panzura
C1835 3
4.5
3
2
6
2
T2162
3
3
3 C1956
Samsung
2
4
Next Connex 2
Infrastructure, Storage and 9 Virtualisation Theatre / Connectivity Theatre
9
Swarm
4
C1620
2
C1842
6
Apptio 4
6
C1740
C1965
NGINX Giant 3
7
4
CEE4
3
C1840
CEE7
C1615
Kemp
1
4
2
3
C1743
CTERA 3 Networks
C1765
6 4
C1632 C1635
3
2
PLATFORM.SH
C1962
4 2
8
C1845
2
C1964
8 3
C1748
3
C1742
4
6
2
CEE11
1
2
C1746 3
4
C1640
CEE11
4
Future of Finance Theatre
4
6 4
6
Cloudian
4
Flat Rock Technology
The workforce, the workplace, and the technologies that support them, will be so different by 2025 that enterprises need to provide global access and ensure continuous uptime now, a survey has claimed. Enterprises must start addressing global digital transformation strategies to remain agile and relevant. One hundred CIOs of companies with at least 5,000 employees across EMEA (and beyond) surveyed by unified access management solutions provider OneLogin agreed that the volume, complexity, and pace of business change ‘is accelerating much faster today than it did at the start of the 2010s’. The OneLogic survey also found that: 94% of respondents agreed the 2025 workforce will consist of both human resources and digital resources, like bots. 89% agree that high-performing businesses of the future will be required to leverage AI and Machine Learning to predict and rapidly meet the needs of their customers. Expo Stand | S4645 | onelogin.com
2
7
2
C1963
C1961
4
4
CEE5 7
Financial Services 9 Ecosystem
6
T2271
2 Invisible Systems 2
5
Keynote - Digital Disruption
3
14
3
11
2
2
3.5
4.5
C1550
Digita 4 Oy
2
Code and Pepper
C1750
Cloud and Heat
Bunnyshell
C2062 Aqua Instana 3 3 Opsview Security 3 CNCF and 4 Kubernetes
4
2
3
C1960
3
C1660
C1974
5
3.5
3
GitLab
2.5
4.5
ENXOO
C1972
2.5
2
C1555
3
2
Disruptive LIVE
2
1
3
‘BOTS ON STAFF’ BY 2025
3
C1866
C1869
4
2
2
IOT3
2.5
2.5
C1665
Kelverion
2
5
3
13
3.5
1
C1862
C1667
C1575
C1970 Rancher Labs
2
Supermicro®
GALACTICA
4
3
Taxxo.app
1
2
2
2
1.5 1.5 1.5 1.5 1.5 1.5 1.5 1.5
2
3
3
6
2.5
Proteon
3
3
C1672
C1570
C1874
Perforce
2
Smart World Connect 3
3
7
3.5
2
3
IOT4
Transformation of Industries
7
3
T2280 T2281
Immersive Labs
C1872 C1871
C1876
EMENAGO.COM
9
Osirium
2
3.5
Techerati Keynote Theatre
3
Shared Cities Showcase
Sponsored by
BLueLiv
3
C1674
17
IOT2
IOT1
DevOps, Containers and Cloud Native Theatre
9
Uniscon
CEE2
12
CEE3
Synerise
3
B5006 B
Words | David Warburton
As cyber criminals gain in their sophistication and organisation, a strange kind of skills parity is emerging between the Black Hats gangs and the organisations they target. Cyber criminals are not only acquiring many of the same commercial skills commonly found in legitimate companies; they are also modelling their operations on conventional commercial practice. This means that in the same way that a company would conduct competitor analysis to ensure that it knows enough about what its rivals are up to, there are useful lessons to be learned from a close study of hackers’ ‘business models’. This phenomenon will come as a surprise for senior managers who still think that the Dark Web is inhabited by digital delinquents and ruthless legions of disaffected disruptors. The reality is that the averagely-competent hacker is but a cog in a well-organised and complex ecosystem that’s more akin to corporate enterprise culture than you might think. The only difference is the endgame, which is usually to cause reputational or financial deficit. The evidence is compelling: cyber crime is now run like a commercial vertical sector with multiple levels of deceit to shield those at the very top from apprehension and prosecution. Therefore, it’s more important than ever for businesses and other organisations to re-evaluate cyber criminal perceptions and ensure effective cyber safeguards are in place. Cyber crime gangs as a collective entity are often structured like legitimate businesses, including partner networks, resellers, and vendors. Rather than working as heartless, faceless ‘criminals’, ransomware attackers are treating their victims as ‘customers’ and bringing-in support personnel to deal with their ‘sales’. Some of them have even setup call centres to field interactions with ransomware victims. There are even reports of customer service reps standing by on the phone to help ransomware victims find out how to buy cryptocurrency like Bitcoin to pay the ransom, and interact directly with victims to decrypt specific files. Don’t be surprised when it turns out that cyber criminals have customer relationship management (CRM) systems set-up in backend support. Like an international corporation, cyber gangs now often work remotely across widely-dispersed geographies, which makes them tricky to detect and deal with. The nature of these structures also means that cyber attacks are becoming more automated, rapid and cost-effective. The costs and risks are further reduced when the fluidity and inherent anonymity of cryptocurrencies and the Dark Web are factored-in. The cyber threat industry has become so robust that hackers can even source work on each link in an attack chain at an affordable rate. Each link is anonymous to other threat actors in the chain to vastly reduce the risk
of detection. The network of links is nigh impossible for outsiders to break into. It’s almost like the blockchain principle working in reverse. Entry-level hackers around the world, meanwhile, are embarking on career development journeys of sorts, enjoying opportunities to learn and develop skills. This includes the ability to write their own tools or enhance the capabilities of others. In many ways, it is a similar path to that of an intern in a legitimate company – except, of course, that the financial rewards that they can look forward to are considerably more tempting. They often become part of sophisticated groups or operations once their abilities attain a certain level; indeed, a large proportion of hackers are relatively new entrants to the cyber crime field, and still use low-level tools to do their mischief. This breed of cyber criminal isn’t always widely feared by enterprise leaders whose organisations will become tomorrow’s targets for hackers and other malware attacks; but, I strongly contend, they should be.
Cyber crime gangs are often structured like legitimate businesses: their affiliates include partner networks, resellers, and vendors.
WORDS BY DAVID WARBURTON Senior Threat Research Evangelist, F5 Networks
| f5.com
19
VIEWPOINT
NEW BUSINESS MODEL OF CYBER CRIME
FEATURE
cybersecurityeurope
SCHEME OF DEVICES
As more office appliances become connected to the Internet of Things, are we creating potential entry points for future cyber threats to sneak into the workplace? THE INTERNET OF THINGS (IOT) NOW ENTERS INTO ALMOST EVERY AREA OF OUR DAILY LIVES. With quirky devices like wireless water bottles, digital pet feeders, and even internet-connected sexual aids, these stealthy, networked computerised devices often record new types of data we may not actually want to share. And if you thought smartphone growth was beyond crazy, just wait. Connected IoT devices are already set to outpace mobiles and projected to reach 75bn devices by 2025, according to forecasts from Statista. That’s almost 10 (9.92, to be exact) IoT devices for each person on the planet. The average security of many IoT devices, meanwhile, is shockingly remiss.
TIMELINE
Tens of billions of new computing devices that record many aspects of our personal and professional existences, all built upon establishing the cheapest route to market. This mix of ingredients leaves security by the wayside – an outcome not missed by the cyber threat hordes. Nor is it a fact that should go unnoticed by business leaders, as their organisations start to accommodate these myriad devices in one form or another. It’s true that the IoT security issue has received much attention, but most concerns concentrate on consumer devices or issues applicable to specialised industries. Market-watchers tend to focus on these quirky and novel devices, or they highlight headline vulnerabilities found in life-supportive medical devices or critical energy and utility equipment. However, just because
Office IoT devices we should worry about are the ones that don’t really look like computers so enter the workplace under the ‘radar’.
IOT SECURITY HACKS AT HOME & WORK... Building Internet connectivity into physical objects is not new; but the desire to exploit those connections for malevolent intent has escalated as more ‘things’ have become linked to the Web – and opportunities for exploitation (for mischief, profit or just to make a point) have increased. In fact, technology history shows us that the risk of being ‘hacked’ has been a persistent threat for this variety of the Internet of Things since its earliest days...
20 24
YEAR 1990
1993
RUNNING LOW
First connected device: Internet-connected toaster.
‘Trojan Coffee Pot’ kept users updated on if pot was filled.
2000
2009
2012
2013
Hacks against smart meters cost US electric utility $ms.
Videoconferencing vulnerabilities revealed at hacker convention.
IOT INCEPTION LG’s first Internetenabled fridge.
IoT generally-recognised as concept to describe smart connected devices.
21
FEATURE
cybersecurityeurope
FOCUS
CONSUMER IOT GOES ‘PRO’ While digital/virtual assistants like Amazon Alexa are intended for use in the home, Amazon is also starting to market its Alexa for Business to corporate customers.
Standard consumer IoT tech, such as webcams, smart lighting, and smart home automation systems, are also getting workplace versions. While these officefocused products can cost more and have professional features, they’re still basically customised computers that could expose the same issues as consumer IoT devices. And remember ‘Bring Your Own Device’ – employees allowed to bring their personal preferred laptop or smartphone for use in the workplace? Now some employee could bring in their personal Echo and hook it to their employer’s Wi-Fi to play audio at work; and that ‘unsanctioned’ IoT device could expose that Wi-Fi infrastructure to additional risk. MORE INFORMATION | iotsecurityfoundation.org
CONTINUED
you do not use a wireless sous vide cooker at work doesn’t mean that your work environment is not home to a range of stealthy – and potentially risky – IoT endpoints. In short, while c-suite-level chief officers can be mindful of mainstream IoT cyber security, several connected appliances – in the form of connected office equipment and even connected domestic appliances now found in offices – are now being routinely installed in our places of employment. A quick reminder of why you should have a concern about IoT in the first place is helpful. At security/hacker conferences, IoT security – or rather IoT insecurity – proves a major theme. Hacker talks about automotive consoles, industrial control systems, medical implants, wearable wireless police cameras, and even a popular portable gaming console, featured prominently in the events’ conference programmes. The most appalling common theme was just how easy it was for security researchers to find these IoT security flaws. IoT vendors seem to be making the same secure coding and design mistakes that mainstream enterprise IT solutions providers were prone to 20 years ago. While not all IoT devices suffer these problems, the general security issues above seem to repeat more often than not. All these problems are ones that traditional computer and software manufacturers are aware of and have mostly been mitigated over time. That said, it has taken decades for the traditional mainstream computer industry to clean-up its act. Seeing all these old errors reappear in IoT devices is a bit disheartening, to say the least. You may not hear about workplace IoT as often as you do about consumer IoT, but there are many new devices that show up in offices and some of these devices have the same types of security issues as other IoT devices. Concerningly, these products are being installed at the heart of the physical enterprise, connected to company networks, but without being subject to oversight by the IT function. Here are some general categories of office IoT equipment enterprise governance should watch out for. Smart TVs, collaboration screens, digital whiteboards, and high-end high-definition smart TVs are being installed in many office environments, often to replace existent projector screens. In offices that value high-tech collaboration, you also will see more application-specific interactive touch screens or digital whiteboards. These collaboration devices come with styluses and touch capabilities that allow project teams to sketch diagrams and take notes, while offering networked decision-support features that allow users to screenshare their activity remotely, or seamlessly upload works-in-progress to a cloud storage service. Though these devices offer great ways to collaborate and communicate with local or remote employees, they do potentially expose brand new vulnerabilities. Many of these devices – including smart TVs – use standard operating systems (OSs) such as Google Android. When configured poorly,
2014
AA warns publicly of ‘hacking threat’ to drivers of connected cars; IET publishes first report on automotive cyber security.
22 24
2015
2015
Hacks published online for Samsung and LG smart TVs.
IOActive researchers hack a Jeep Cherokee.
these devices can expose organisations to the same security issues seen in other Android devices. These screens often serve various network services, which can expose their own vulnerabilities. Some even allow you to load standard Android applications from untrusted sources – which could lead to malware infections. As they tend to be linked to local networks to access internal shares, any breach of these smart screens exposes the internal network to attackers. In brief, these digital collaboration screens may not look like computers, but they expose networks to typical computer flaws (if unprotected). It’s becoming common for the enterprise to have employees and business partners distributed around the world. To support such a model, businesses adopt remote presence technology in their meeting rooms. This includes all the types of things that allow ‘webinar-like’ remote meetings, including digital audio (a.k.a. VoIP – Voice-over-IP), high-definition room cameras, microphones, speakers, wireless screensharing services and meeting management servers. Advanced meeting rooms even have a tablet screen on the table that helps meeting participants control and connect to all this whizzy technology. While these meeting devices often seem like purpose-specific technology, manufactured to do one thing, most of them are just typical computers running standard operating systems. Like the screens, many of these meeting tablets just use the Android or Linux computer operating systems, and are
These devices offer great ways for workteams to collaborate and communicate but do also potentially expose brand new vulnerabilities.
2015
2016
2017
Samsung smart fridge exploited.
Hackers take control of car’s brakes.
Vending machine cyber-hijacked.
configured to boot to one program in a kiosk mode. Even some of the network cameras used for conferencing or security are Linux-operated devices. Because these devices do not look like a typical computer, it might mistakenly be thought that they are ‘benign’; chances are they might expose some normal network services you aren’t aware of.
2018
Researchers find vulnerability that affects up to 100m smart home gadgets, from door locks to alarm systems.
23
FEATURE
cybersecurityeurope
State-of-the-art food and beverage vending machines that connect to Wi-Fi and accept Apple Pay, are now common to many office buildings. One so-called ‘smart’ water dispenser allows employees to select flavoured water from a coollooking touch screen. However, savvy employees figured-out a way to force that machine’s screens to exit the default app, finding its normal Android OS. The machine was connected to a Wi-Fi network, which exposed this unexpected Android device to the network. By adding an Internet connection, offices can save money on machine maintenance. If these machines use cellular technology to connect back to vendors, they probably do not expose your workplace to any issues. However, when they take advantage of your Wi-Fi, any security vulnerability that affects the machine, could also get leveraged to expose your normal network too. And remember that the Wi-Fi could be the target of an attack – resulting in a denial of service that brings down wireless connectivity across the premises.
UP CLOSE AND PERSONAL Office desks are getting Wi-Fi connected. Trendy, standing desks tout health benefits to employees who sit too much. Rather than cranking a handle, people want the cool automated ones, with motors that raise and lower the desk to the preferred height. So far, you would not think these desks could expose any risk. However, some companies came up with the idea to combine fitness tracker-like features with the automated smart desk, along the lines of ‘What if your desk could track and catalogue how much you stand or sit, to monitor your fitness goals?’ Anyway, these types of smart desks surely exist, and can use Wi-Fi to transmit those standing and sitting statistics to the cloud or an app. To have Wi-Fi and the Internet means the desk has a built-in processor running some software, which of course means that the computer could expose new vulnerabilities. Many traditional types of computer devices were technically ‘IoT’ long before the term existed. Printers are a prime example. Networked printers have exposed network vulnerabilities since the 1990s. As they’ve been around for decades, some may not think of them in the same category as other IoT devices – but they are. Printers, scanners and network accessible storage devices can all expose vulnerabilities. That said, vendors that make things like printers seem to
24
As connected vehicles now become de facto workplaces, attempts to compromise their cyber security will likely prove disruptive. follow better security practices, probably because they’re more mature at creating network devices, having already been in this market for decades. The office IoT devices we need to worry about are the new ones that don’t really look like computers, so tend to escape notice and enter the workplace under the ‘radar’ of the IT function because they are procured by other departments, such as facilities or office supplies, or even a third-party office management company. However, it’s necessary to realise many of these devices are just stealthy networked computers that often expose the same issues traditional computers have exposed in the past. To make matters worse, some of the companies making these new devices are also new to networking and information security. They try to create highly saleable low-cost devices, which tends to mean they don’t spend much time – or money – on security. Finally, give all due consideration to the fact that the very definition of the ‘workplace’ is shifting – often quite literally. Many of us now treat our cars as annexes to our fixed workplaces. Most new cars roll off their assembly lines with Bluetooth hands-free calling, GPS navigation and Wi-Fi all built-in. The problem is that as our connected vehicles become de facto workplaces and, perforce, part of the IoT, any attempts to compromise automotive cyber security will prove disruptive to our business operations. It’s saddening to conclude that cyber attacks so far directed on driverless and connected cars have been possible due to all-too-familiar vulnerabilities. Wireless connections to the entertainment system, for instance, can expose car control system vulnerabilities to hackers, while another entry point has even been the Bluetooth air pressure sensor in tyres. Researchers – for instance, Charlie Miller and Chris Valasek – have repeatedly demonstrated how these types of flaws enable them to remotely connect to a car and takeover driving controls, such as steering and brakes.
ACCREDITATION Words | Corey Nachreiner, Chief Tech. Officer, WatchGuard Technologies Photography | Shutterstock
| watchguard.com
advertorial
cybersecurityeurope
COOL IN A CRISIS Best response to a cyber security incident requires practice – and business leaders who know how to act under pressure, says IBM Security’s Erno Doorenspleet. ONE OF THE SMARTEST PIECES OF ADVICE I’VE EVER RECEIVED IS THAT YOU SHOULD HOPE FOR THE BEST, BUT PREPARE FOR THE WORST. In business, one of the worst-case scenarios you can find yourself in is to get a call from your security team telling you that your company has been breached, your customers’ private data has been discovered on the dark web, and a journalist is looking for your comment before publishing a news story that will likely cause your company’s stock to plummet. If you haven’t thought about that scenario or don’t know exactly how you would respond, you could be making a big mistake. Too often, I see organizations that spend enormous sums of money on security tools and technologies, without consideration for what happens after a breach. That’s why IBM Security has worked with clients – including some of the world’s largest banks, top intelligence and military agencies, and midsize-to-large organizations from industries such as energy and technology – in live cyber attack simulations in our IBM X-Force Command centers. In fact, the worst-case scenario I describe above is taken directly from one of the gamified experiences offered by IBM X-Force Command. Our clients bring together their technical and leadership teams to participate in exercises that mimic what could potentially happen in a live breach, but in a sterile environment under the instruction of IBM X-Force Command facilitators with years of experience in cyber security, research, the military, and gamification.
More than 2,500 participants have gone through our fixed cyber range facility at IBM Security’s headquarters in Cambridge, Massachusetts – the first full-scale, commercial cyber range. Due to the extraordinary demand from clients, IBM Security decided to bring this unique set of experiences to Europe. We created another first-in-the-industry – a mobile security operations center (SOC) and cyber range aboard an 18-wheeler.
SECURITY OPERATIONS CENTER ON WHEELS The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) offers the same experiences as the US cyber range, but it can travel directly to wherever our
IBM Security tackles the world’s most challenging security
Discover
problems. We’re constantly innovating to find new and better
X-Force Command Cyber Tactical
more
about
ways to protect your data and the people it belongs to – your
Operations Center (C-TOC) at the
customers – freeing you to thrive in the face of cyber uncertainty.
weblinks below...
DETAILS For more information please go to: | ibm.com/xforcecommand | ibm.com/xforcectoc
26
the
IBM
didn’t anticipate was the tremendous need for executives, board members, and leaders from across the business to learn how to respond in a crisis. After hundreds of simulations, we now have a good idea of what separates organizations with a strong incident response from those that lag behind. These are three of the lessons which I believe make the biggest difference in how teams respond to a crisis situation:
clients are. The C-TOC sits aboard a 23-ton tractor trailer that expands to house 20 workstations for clients and crew members. With a 100Tb data center, and satellite dishes for 1,000 Mbps networking, the C-TOC has the capability to recreate a cyber range for training and red teaming, a sterile environment for cyber investigations, or an on-site SOC for large-scale events. The public’s response to the C-TOC, which debuted in the US in late 2018, has been overwhelmingly positive. On our first European stop in London, IBM clients and partners, politicians, and members of the media were given a taste of the experience. Ian Glover, President of CREST, the accreditation and certification body for ethical security testing and cyber incident response, told our team in London that he was impressed by IBM Security’s attention to cyber security training and awareness, and our focus on cross-functional incident response. “Cyber security related incidents are, I believe, different from traditional business continuity management,” Glover said. “Therefore, the ability to actually run exercises that are enterprise-wide, and involve all the different parties, is a really good concept.” Initially, upon opening the US cyber range, our team expected that it would serve as a training ground for security teams to practise their incident response runbooks and learn technical skills for cyber investigations. What we
1. CULTURE AND COHESION COUNT Organizations that successfully navigate the X-Force Command experiences have a strong security culture that emphasizes how security is everyone’s job, from the SOC to the C-suite, and business units from Human Resources to Finance. A strong incident response requires a cohesive fusion team, made up of individuals who know their roles, but who aren’t afraid to take charge when decisive action is needed. 2. PLAYBOOKS CRACK UNDER PRESSURE Most organizations don’t have a detailed incident response playbook. But even those that do, have not practiced it in any meaningful way. You don’t want to be taking the playbook ‘off the shelf’ for the first time during a breach event. Much like first responders who constantly train for emergencies, you have to be able to execute your plan from ‘muscle memory’, so you can lean into the problem without hesitation and rapidly shift to making adjustments when the unexpected inevitably happens. 3. LEADERSHIP MATTERS Crisis leadership is a skill that can be learned – but the best leaders aren’t necessarily those at the top of the organization. Your best leaders may not have a traditional cyber security background. Identify people with those skills in your organization and look beyond certifications and degrees when hiring staff for your security teams. Finally, learn leadership skills yourself. When crisis strikes, you might be the one to step up and take charge. Erno Doorenspleet is a Global Executive Security Advisor, IBM X-Force Command.
27
TOP TEN
cybersecurityeurope
HIT LIST When it comes to extracting value from misappropriated data, cyber criminals are nothing if not versatile. As the digitalised world fills with data of many different kinds, they find new ways to profit from it.
INTELLECTUAL PROPERTY TO NATION STATE THREAT ACTORS, Intellectual Property (IP) is much more highly prized than mere money. In December 2018 the UK Foreign Office and FBI publicly restated their belief that overseas agencies in countries like China are mounting campaigns to steal IP from British and American companies. Today’s culture of internationalised product development means that the much valuable IP is shared and trafficked between partners and within supply chains over global digital channels with mixed degrees of cyber protection; the EU is working to address this. CEO FRAUD ALSO KNOWN AS Business Email Compromise (BEC), CEO fraud is on the rise. In these attacks, a cyber criminal pretends to be a senior executive and requests that a finance department (for example) staffer makes a purportedly ‘emergency’ payment to one of their disguised confederates or affiliates. Authentic data about impersonated executives is key to the such scams: it means that they can be backedup with spoofed emails and phoned ‘confirmations’, based on real details, that may not be spotted as fakes.
28
MEDICAL RECORDS HACKED MEDICAL RECORDS are very valuable. Research from the Institute for Critical Infrastructure Technology suggests that stolen patient records end-up for sale on the Dark Web as part of information packages called ‘fullz’ and ‘identity kits’: these are used by fraudsters to commit a variety of digital crimes. Identity kits are then used for a variety of criminal activities, and to launch further attacks using social engineering. According to another study published in JAMIA Open, in the five years to 2018, there were some 1,512 reported data breaches of confidential health information affecting 154,415,257 patient records. This included 215 health plan breaches, 1,073 breaches of a hospital or health care provider, and 224 breaches involving other healthcare parties who handle patient records.
IDENTITY THEFT IT ANALYST MarketsAndMarkets says that on average, organisations around the world bear a loss of over $200bn each year due to identity theft. Growing number of identity theft instances can be attributed to the rapidly growing penetration of internet services worldwide; and it’s likely that the situation will get worse in the foreseeable future, as more public records are posted on public sector websites, making them more vulnerable to data breaches.
PHONE ACCOUNT BILLING YOUR C-SUITE may be up-to-speed about smartphones being hacked for their data, but how about phone bill hacks? Companies have been hit by phone use costs incurred by hackers who use a hijacked account to runup bills with expensive internal calls made overnight while the account owner is asleep. Another scam is to covertly install on phone platforms software that diverts company phone call traffic via premium-rate numbers registered to criminal affiliates.
FREIGHT LOGISTICS CYBER-SAVVY criminal gangs hack into systems that control worldwide shipping to smuggle drugs and other contraband on a vast scale, security specialist Pen Test Partners has warned. By hacking into the freight logistics system, covert agents can also physically board container ships and know precisely where their targeted cargo has been placed, or intercept containers as they’re unloaded at port, using a copy of the consignment’s digital loading plan.
EDUCATION SECURITY RATINGS provider BitSight cites three key reasons why the European education sector presents a target for ransomware attacks. 1: students regularly engage in risky online behaviours that expose them to ransomware attacks, such as treating email attachments with insufficient wariness, and visit websites that traffic in pirated entertainment. 2: The open and interconnected nature of campus IT presents multiple attack vectors. 3: Budgetary pressures have made it difficult for some academic institutions to fund IT security investments; education generally lags behind other vertical sectors.
POLITICAL INTENT HACKING INTO the world of European political decision-making can often yield valuable information for cyber criminals and other threat actors. New national policy decisions that will affect conditions of trade or changes to business taxation rates, for instance, can have major impacts across international trading conditions.
ENTERTAINMENT RICH PICKINGS might soon be had from breaching studios’ IT systems and filching confidential information about popular TV series that contains details of plotlines and denouements that can be used for extortion; if the studios don’t pay-up, simple episode spoilers are released onto the web.
MARKET INFORMATION SOMETIMES HACKERS are not interested in data that they can resell or extort with. Information that has been gleaned from confidential company proposals has a value to brokers and financial speculators on the look-out for tips about investment opportunities. Victims may never know their docs are being scanned by outsiders.
29
FEATURE
cybersecurityeurope
CYBER INSURANCE If you want to be insured against losses from cyber attacks, ensure that your organisation can pass an insurer’s security ‘fitness tests’.
CYBER INSURANCE – ALSO KNOWN AS CYBER RISK INSURANCE – HAS PUT INSURERS AND INSURED ON A MAJOR LEARNING CURVE. ALTHOUGH THIS BASIC PROPOSITION seems to be straightforward, policies designed to recompense enterprises for damages due to cyber attack can prove complex and difficult to get right. In its report Insurance 2020 and Beyond, consultancy PwC points out that cyber risk ‘is not like any other risk insurers and re-insurers have ever had to underwrite... While underwriters can estimate the likely cost of systems remediation with reasonable certainty, there isn’t enough historical data to gauge further losses resulting from brand impairment or compensation to customers, suppliers and other stakeholders’. For governance officers, cyber insurance assessment can highlight contentious questions over cyber ‘defence spending’. But the variable factors and grey areas that are known to exist have not deterred insurers or their customers from driving market growth. For enterprises, cyber insurance entails yet another exercise in in-depth cyber self-examination. Unlike other forms of enterprise insurance, there are few ‘known-knowns’ when it comes to the assessment of cyber threats. It’s almost impossible to anticipate with any reliable degree of certainty, where threats are going to spring from, and the size of their damage impact zone. Yet, it’s also a market that insurers GUIDE
‘PREPARING FOR CYBER INSURANCE’ Insurance federation Insurance Europe has produced a joint report Preparing for cyber insurance. It aims to help European organisations gain a better understanding of their cyber exposures. | insuranceeurope.eu
30
The Digital Lawyer is a lawyer who practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a specializes in what is known as cyb understanding the application of inf law making optimal use of networke within intellectual property law, or o the concept of the digital lawyer is Digital Lawyer is a lawyer who pra practices “computer law”, which is a law of electronic networks. The ke technology to every aspect of the la technology. A digital lawyer is not a
practices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who berlaw, or the law of electronic networks. The key to understanding the concept of the digital lawyer is in formation technology to every aspect of the lawyer’s practice. The Digital Lawyer is a lawyer who practices ed computer technology. A digital lawyer is not a lawyer who practices “computer law”, which is a subspecialty one who specializes in what is known as cyberlaw, or the law of electronic networks. The key to understanding s in understanding the application of information technology to every aspect of the lawyer’s practice. The actices law making optimal use of networked computer technology. A digital lawyer is not a lawyer who a subspecialty within intellectual property law, or one who specializes in what is known as cyberlaw, or the ey to understanding the concept of the digital lawyer is in understanding the application of information awyer’s practice. The Digital Lawyer is a lawyer who practices law making optimal use of networked computer a lawyer who practices “computer law”, which is a subspecialty within intellectual property law, or one who
FEATURE
cybersecurityeurope
CYBER CLAIMS RECEIVED BY AIG EMEA (2017) BY INDUSTRY
*food and beverage, construction, information services, real estate, agriculture.
20%
0
18%
BRIEF
18%
12%
10%
KEY COVERAGE ELEMENTS It is a common misapprehension about cyber risk insurance that it is designed to primarily compensate for valued data compromised in a cyber attack on IT infrastructure.
IT systems are certainly the main impact zone for cyber attacks; but governance and financial officers should be aware that there are other outcome cost considerations that should be scoped. According to R&R Insurance, there are seven expense elements to cyber liability coverage that policies should cover: FORENSIC EXPENSES You have determined that data has been compromised and need to investigate what happened, how it happened, and what information was accessed. Costs to hire an external forensic team for discovery (as required) is covered. CONTINUES ON PAGE 34
32
10%
8%
5%
5%
4%
4%
Note: Figures may not add up to 100% due to rounding
In 2017, cyber claims were made by insureds in eight sectors that had not previously featured in AIG’s statistics. This is a trend, whereby a larger number of notifications each year are coming from a broader range of industry sectors (such as energy and transportation), and not just those traditionally associated with cyber risk. Source: AIG Cyber Claims Study (2018)
8%
reckon will provide them with considerable future value. Analyst Allied Market Research forecasts that the global market is expected to garner $14bn by 2022, registering a CAGR of nearly 28% through to 2022. The threat landscape is continually evolving; the nature of business operations means that new threats and vulnerabilities may emerge by the week. Cyber insurers routinely require that applicants for coverage are assessed to see how well their current defences would stack up in the event of an attack. Value judgements based of the evidence of security audits often throw up moot points, like known vulnerabilities that would cost more money to fix than would likely be lost were they exploited in an attack. “Calculation of cyber risk is substantially different from calculating typical commercial risks,” says Paul Mang, General Manager-Analytics & Data Services at Guidewire. “Cyber risks constantly evolve because of the pace of technological evolution. This means that data often needs to be collected in a dynamic, real-time manner for insurers to keep pace with ever-changing threat vectors.” This sets a demanding new challenge for auditors. Nonetheless, it’s clear that cyber insurance “is important and needed,” acknowledges Sharon Besser, VP Products at Guardicore. “Like other types of insurance, cyber insurance allows you to engage more capital to run the operation… Without insurance, targeted organisations [would have to] set aside large amounts of money to cover potential financial consequences of risk exposure, should they come to pass.”
I believe that we’ll see cyber insurers running their own risk audits, or use tech solutions to address a potential client’s security posture. Attack attribution is at the heart of Threat Intelligence that’s often a decisive factor when settlements are made – it’s the incriminatory evidence that indicates likely culprits behind an attack. Intelligence that customarily provides the evidence in support of cyber insurance claims. It’s also a contentious area of Threat Intelligence, because even when it does seem clear who is behind an attack, that information itself has to be validated against the possibility of false trails, track covering, and other subterfuge an attacker has left. Attackers are dastardly, and the avoidance of attack misattribution is important for insurance claim validation, and also to avoid legal action in the event of a mistaken allegation caused by attackers that
CYBER CLAIMS RECEIVED BY AIG EMEA 2013-17
CYBER INSURANCE PREMIUMS WRITTEN (PROJECTED)
Claims frequency volume has increased again in the last available year’s figures. In 2017 AIG’s cyber claims handled the equivalent of one claim per-working-day.
PwC’s 2016 Global State of Information Security Survey was based on responses of more than 10,000 c-suite execs, VPs and directors of IT and security practices from 127 countries.
2013 0.2%
$7.5
2014 5%
$6.2
2015 11%
$5.2 $4.3
2016 34% $3.6
2013-16 50%
US$ (billions)
2017 50%
ENTIRE YEAR COMBINED Source: AIG Cyber Claims Study (2018)
2016
2017
give the impression of being some other party. “We have seen numerous cases where cyber outlaws and terrorists penetrated legitimate networks in order to launch attacks,” reports Sharon Besser at Guardicore. “Let’s imagine that as a preventive action, the targeted organisation shut down its network and the organisation’s services. If the insurance policy is ambiguous, then such an act could be used by the insurer to reject a claim for losses.” “Accurate attack attribution will be an important part of defining policy payout terms. More important, however, will be that organisations are actively involved in corresponding cyber risk reduction programs that affect their policy terms and pay-out terms, with their insurance providers,” explains Matthew McKenna, Vice-President EMEA at SecurityScorecard. “It will be finding that ideal balance between financial risk transference from the policy and having to proactively engage in risk reduction programs as part of the policy that will result in the overall reduction of contested claims [as things play out] over the longer term.”
ATTACK ATTRIBUTION is decisive factor Nation state threat actors have employed a wide variety of measures to obfuscate their actions including implanting false code, hijacking infrastructure, and recruiting spies to run cyber operations, says Paul Mang at Guidewire. “In addition, nation state cyber weapons are often repurposed by hacktivists and other hackers,” Mang adds, so it can be very hard – if not impossible – to determine which suspect party is really behind an attack. “As nation states [home and foreign] get more involved in regulation and even technical controls, and the insurer offers to cover residual risk, the roles and responsibilities of the individual business become less clear,” says Charl van der Walt, Chief Security Strategy Officer at SecureData. “Ultimately, insurers are learning from these incidents, and have the necessary experience to find a balance between their premiums and their policies, and so will –eventually – develop offerings that strike a reasonable balance that proves attractive to their given target market. “Until then, the tension and uncertainty in the market will probably continue.” According to Guidewire’s Paul Mang, “The cyber landscape is such that some nation states are frequently attacking each other. However, these nation states have employed a wide variety of measures to obfuscate their actions, including implanting false code, hijacking infrastructure, and recruiting spies to run cyber operations.” In addition, nation state cyber weapons are often repurposed by hacktivists and other types and groups of hackers. “Finally, forensic analysis on human actors in a technical system
2018
2019
2020
is an imperfect science because of the multiple layers of complexity and the sheer volume of information to review,” Mang adds. “Because of these factors, it is extremely difficult to definitively prove [that a given] nation state was responsible for any specific attack.” We’ll see insurers “running their own risk audits.” predicts Guardicore’s Besser, “or use tech solutions to assess [a potential client’s] organisation’s situation, before pricing, approving or denying coverage.” “Cyber risk insurance providers are currently investing in multiple forms of telemetry, risk modelling, and other tooling, which helps them manage the pricing of their policies and eventually how claims are paid out,” says Matthew McKenna at SecurityScorecard. “In respect to nation state threat actors, it will certainly be within the realms of possibility if it doesn’t already exist that policies will be created for these eventualities. Cyber warfare of government against global enterprises is commonplace, and should be taken into consideration as part of policy alternatives.” Business would be “attracted to the route of security compliance and cyber insurance, which promises a predictable balance between [security] investment and the maximum downside risk they’re exposed to,” says van der Walt at SecureData. “While this is attractive financially, it might lead to a situation where ‘best practice’ becomes the only practice – and that might not be sufficient in light of increasingly well-funded, motivated and brazen adversaries.”
33
FEATURE
cybersecurityeurope
LEGAL EXPENSES You will need legal representation in order to determine the scope of the federal and state notification requirement breaches. You will also need legal counsel to defend you in the event a suit is filed against you. NOTIFICATION EXPENSES These expenses can include things like postage, paper, printing, call centers, etc. REGULATORY FINES AND PENALTIES The government (and its regulators) will want, and receive, their monies. CREDIT MONITORING AND ID THEFT REPAIR While not legally required, R&R Insurance reports, it is however generally agreed that offering these services to the affected parties will reduce potential legal liability, and is considered the right thing to do. PUBLIC RELATIONS EXPENSES The manner in which a security breach is reported to the media can be crucial to restoring your reputation and maintaining your clients, vendors, business associates, partners, patients, and other stakeholders. LIABILITY AND DEFENCE COSTS It is not uncommon for class action lawsuits to be filed against an organisation following a breach against them. You will need legal representation, which can be of your own choice or appointed by the insurance carrier. Either way, coverage is available for these costs. Source: myknowledgebroker.com
34
“Insurers and technology start-ups are targeting the growing cyber insurance market through the use of innovative software that makes assessing and pricing risk much quicker and more accurate for companies of all sizes,” blogged Sarah Stephens, Partner & Head of Cyber at JLT Specialty, on industry website InsurTech Rising 365. “Through this reduction and pooling of risk, premiums can be lowered… This advancement in technology works in the interest of companies, as they reduce their risk and the premiums they have to pay, as well as improving the relationship between start-ups and insurers, as they work together to boost capacity within the market.”
Many organisations are now actively involved in corresponding their cyber risk reduction programs with their insurance providers. Meanwhile, for SecurityScorecard’s Matthew McKenna, many insurers are still in ‘discovery mode’ when it comes to working out how best to use assessment tools... The market is still in an early phase, and cyber insurance providers are seeking how to aggregate multiple points of telemetry of their policy holders to capture as an accurate assessment of cyber risk of an organisation as is possible.” McKenna continues: “As the maturity and scalability of the telemetry increases to be able to provide comprehensive cyber risk oversight, insurance companies will be able to more effectively generate more accurate policies [in my expectation]. It will take time for these points to meet in the middle for the ideal balance”. According to professional services firm PwC’s Insurance 2020: Reaping the Dividends of Cyber Resilience briefing paper, cyber insurance is a potentially huge, but still largely untapped opportunity for insurers and reinsurers. It estimates that annual gross written premiums are set to grow from around $2.5bn in 2018 to reach $7.5bn by the end of this decade. “Cyber insurance could soon become a client expectation and insurers that are unwilling to embrace it risk losing out on other business,” PwC suggests, “if cyber products don’t form part of their offering.”
ACCREDITATION Words | James Hayes Photography | Shutterstock
CSEUROPE.INFO TOWARD A SECURE INDUSTRY 4.0 Securing the Internet of Things will drive the adoption of digitalised industrial processes – but management must know that IoT security can scale as needed. Page 58
CLOUD FORMATIONS How have cloud services been made more secure than on-premises IT? Page 38
CYBER INSURANCE Would your organisation pass a cyber insurance risk assessment? Page 30
algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics
FUTURES
insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious
PAGE 48
AI: who knows?
threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow
INDUSTRY JOURNEYS TIME TO JOIN FORCES WITH ARTIFICIAL INTELLIGENCE FOR THREAT DETECTION EXCLUSIVE Q&A
IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat
PAGE 44
intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics insider threat log files machine learning malicious threat phishing attack security automation security posture shadow
FACE TO FACE WITH... Ian Thornton-Trump, Head of Cyber Security, AmTrust: “The anonymous characteristics of cryptocurrencies will certainly be embraced by threat actors”
BE SECURE IN THE KNOWLEDGE… Cyber attacks now strike European organisations every day, every hour, everywhere. Businesses, governments, and the other organisations our economies depend on are targeted relentlessly and ruthlessly. With new data protection and corporate governance regulations, along with emerging threat types, and hardline business decisions to make, Europe’s business leaders are directly in the cyber security firing line. More than ever, they have to stay informed about the key information security challenges. Cyber Security Europe is designed in order to meet the information requirement of the top-tier European boardroom and c-suite executives who want to keep updated on today’s increasingly critical cyber security management issues. We provide the essential intelligence, insight and information you need to formulate policy and work successfully with enterprise technologists to deliver highly effective security strategies – and part of your cyber intelligence armoury.
IT threat intelligence algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills data analytics
CLOUD & CYBER SECURITY EXPO
ENGAGEMENT
|
EXCEL LONDON
|
threat log files| machine learning malicious threat phishing 12 insider – 13 MARCH 2019 CLOUDSECURITYEXPO.COM
attack security automation security posture shadow IT threat intelligence algorithm artificial intelligence cyber governance cyber
CYBER SECURITY EUROPE MEDIA OPPORTUNITIES – IN PRINT AND DIGITAL
Cyber Security Europe is the information platform that meets your information requirement in your preferred delivery format. For more details, content, and to subscribe to our newsletter, go to:
| cseurope.info or email corporate@worldshowmedia.net
FOR ALL YOUR EVENT AND EXHIBITION PUBLISHING REQUIREMENTS
ONLINE, DIGITAL AND PRINT EDITING ● DESIGN ● ADVERTISING SALES ● PROJECT MANAGEMENT ● INTERNATIONAL
WORLD SHOW MEDIA Tel: +44 (0) 203 960 1999 | Fax: +44 (0) 845 862 3433 | Website: worldshowmedia.net For all corporate enquiries | corporate@worldshowmedia.net
advertorial
cybersecurityeurope
FASTER FIGHT-BACK Speed of decision-making: critical to effective cyber defensive. Orion Malware enables a fast range of respond to threats, says Airbus CyberSecurity’s Julien Ménissez. IT’S A TRUISM THAT THAT SECURITY TEAMS IN LARGE ORGANISATIONS MUST ANALYSE MANY THOUSANDS OF FILES ON AN AVERAGE DAY, an unknown number of which represent a threat. In the past, this was a relatively straightforward problem of dividing files into those which matched a signature hash denoting a known ‘bad’ file, a larger number passed as ‘clean’ and a small number that fell into a ‘grey’ area somewhere between the two, and which merited further investigation. As the number in the ‘grey’ category has expanded dramatically, analysis has become increasingly complex. Malware is more sophisticated and less likely to look like the threats encountered yesterday, last week or last month. Identifying friend from foe is not only technically difficult, but also consumes time in an environment where security personnel must identify malware quickly to remediate attacks that might already have achieved a foothold. Airbus CyberSecurity’s Orion Malware is a suite of tools that are designed to help Security Operations Centres (SOCs) and security teams solve these problems as quickly and as accurately as possible. Having evolved over several years within Airbus CyberSecurity’s inhouse Computer Security Incident Response Team (CSIRT), its fundamental capability is its integration of multiple layers of identification and analysis into a single environment that can be used as a network appliance, or remotely as a service.
Analysis of this kind is a complex undertaking requiring years of experience and expertise, which is why an important feature of Orion Malware is its ability to be used by a wide range of professionals in many situations.
full-featured platform This software can be used by non-expert users via a service website, by blue teams during joint international DEFNET exercises, SOC teams saving time during the triage of files sent by users for analysis, and IT teams wishing to detect malware in files extracted by network probes. In the years of deployment by Airbus CyberSecurity, Orion has been honed into a full-featured platform which can
Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military, organisations and critical national infrastructure from cyber threats. We provide a global cyber defence approach that aims to protect, detect and respond to cyber threats with a portfolio that
includes encryption, managed security, industrial control systems, key management and consultancy services. Pictured below: Julien Ménissez, Airbus CyberSecurity.
DETAILS For more information please visit the company website: | airbus-cyber-security.com
36
customised to requirements
perform the whole workflow rather only specific parts of the job. Files for analysis can be submitted in a numerous array of formats (including document files, Android APK, archives, JavaScript, Windows help files, Linux and other binaries, and so on), using the product API (application programming interface), via the command line or through a web interface, with the results kept private to an individual or small groups or made public.
sandbox analysis techniques At the end of the process, the file is given a risk rating with a more detailed report which can be exported to a security information and event management (SIEM) for correlation with other data. The centre of Orion’s workflow is the Qspy sandbox. This is a secure virtualised environment where a file can be opened or executed to understand and probe its behaviour - and its possible payload. Naturally, this is hardened to counter the techniques sometimes used by cyber attackers to ‘escape’ sandboxing detection techniques. The analysis is carried out by a combination of techniques including signature search, heuristics, multiple antivirus solutions, and other static and dynamic analysis tools. Orion also has its own heuristics operating system on the information extracted from the static analysis of the files. YARA or MAGIC rules can be implemented to supplement detections made using antivirus tools.
In addition to file execution, the sandbox’s detection is tuned to spot system alteration, process and injection techniques, modification of firewall configuration, and interaction with the file system and registry keys, which together allow it to cope with anything from sophisticated ransomware to zeroday threats. This can be achieved in less than 70 seconds per file analysed, while it is also possible for an operator to query Orion Malware modules on an individual basis. Organisations can customise the product, including using third-party AV engines, as well as adjust sandboxing for specific environments such as Microsoft Windows 7, Windows 10, Linux and even Google Android. A web interface makes it possible, optionally, to submit the results of file analysis so that they can be shared with other customers. After ongoing deployments, the Orion Malware is best suited national defence, the financial sector, and critical infrastructure such as water and energy. What is clear is that there is an urgent – and growing – demand from large organisations for something that simplifies the problem of quickly analysing and identifying malware. Current malware can often bypass antivirus detection which means that customers are forced to multiply their defences to achieve a defence-in-depth.
Effective cyber threat analysis is a complex undertaking that requires years of experience and expertise. The problem is that this brings with it complexity, expense and the risk that a threat is missed. The high-risk customers to which Orion appeals badly need something to cope with the massive expansion in file-based threats. The challenge, as ever, is to do this without simply generating new overheads. With Orion malware, the customer benefits from multiple technologies in a single product. Julien Ménissez is Cyberdefence Product Manager, Airbus CyberSecurity.
37
FEATURE
cybersecurityeurope
HEAD TOWARD CLOUD
Many organisations not only feel more secure about migrating all of their sensitive data into cloud-based services: some, in fact, believe it’s the safest place.
ENTERPRISE CLOUD COMPUTING HAS BEEN CLOSELY LINKED TO INFORMATION SECURITY – INEXTRICABLY, SOME MIGHT ARGUE – SINCE THE THIRD-PARTY SHARED COMPUTING CONCEPT EMERGED IN THE MID-2000S. Given the scale of operational IT change that the cloud model represents, that’s hardly surprising; the fact the cloud services industry was for years made up of new, untested would-be service providers, was an additional inhibitor; and it’s arguable that only since ‘big name’ brands like Microsoft (Azure) and Amazon (Drive) have entered the fray that big name organisations have brought forward their cloud adoption plans. Caution among IT chiefs has been understandable, and sometimes inevitable. Before cloud blew in, most sizable organisations held their critical data on self-owned storage resources, using on-premises systems, or those located within private or independent data centres. The notion of paying an external third-party cloud hosting company to store even non-critical FOCUS
IS TOTALLY SECURE CLOUD STILL OUT OF REACH? As senior executives become more closely involved with the governance of information security, it’s inevitable that they must acquire better knowledge of the enterprise implications of computing in the cloud. But ‘a darker
38
truth’ hides behind the silver lining of the cloud, according to Ixia’s Cloud Security Report: data breaches are up nearly 45% year over year, and
one survey found that nearly 75% of companies studied had ‘one or more’ serious security misconfigurations. One interpretation is that the current
evolution of cloud security practices ‘trails way behind the mainstream adoption of cloud operations’. If true it means they are out-of-sync: where cloud leads, defensive cyber security continues to follow.
39
FEATURE
cybersecurityeurope
FACTS
SECURITY AUTOMATION ‘Security automation’ is the name for automated handling of a task in a cyber security application that would otherwise be done by a IT security specialist.
The recent Impact of the Cloud-enabled Workplace on Cybersecurity Strategies report from Oracle and KPMG found that emerging technologies like security automation ‘promise to improve the efficacy of detecting and preventing threats’, as well as upping the operational efficiency with which cloud-enabled workplaces are secured. Some information security practitioners were reportedly uncomfortable at the automation of cyber security actions: these include responding to alerts triaged by security operations centres and updating firewall rules. However, security automation is now viewed as a fundamental technology to efficiently respond to events and remediate weaknesses, the report’s key findings suggest. In fact, 49% of those surveyed for the report say they are ‘evaluating and planning security automation’; another 35% said that they are investing in solutions. In the context of many of the dynamics discussed by all the insight documents in this review, including the shortage of cyber security skills and increasingly complicated environments to be secured, automation promises to provide the much-needed operational efficiencies. FOR MORE INFORMATION | cloudsecurityalliance.org | oracle.com/cloud
40
enterprise data on their storage systems/data centres was deemed by many organisations as unacceptably risky. How could they know that a cloud service provider could be trusted not to look at, copy, delete or disappear completely with valuable data? Moreover, even when they were persuaded a cloud partner could be trusted not to do any of these things, how could they be sure that their defensive IT security was as strong as self-managed security? These and other questions dogged cloud acceptance for many years. Another inhibitor that took some time to overcome was resistance on the part of senior managers to having critical datasets trafficked around between virtualised storage volumes that might exist in physical locations hundreds of miles – or even countries – apart. “Most CEOs have the idea that data is suddenly less secure in the cloud,” Pete Langas, Director/Sales & Business Development at cloud services provider Nerdio, has blogged. “After all, if a file is constantly being uploaded and downloaded to and from a remote server, it’s now vulnerable in three places instead of one: on the server, on the host computer, and in transit. Right? Wrong... The major way that cloud providers keep your data safe is through encryption, which includes both ‘at rest’ (meaning once the file has been downloaded) and ‘in transit’ (meaning while the file is being accessed) encryption. This means that even if a file were intercepted by a rogue user during a download, they wouldn’t be able to access the critical data contained inside.”
Cloud is the securer option: true or not? Cyber-resilience also became a yardstick by which to measure the ‘maturity’ of the cloud services industry. ‘Maturity’ is a somewhat catch-all phrase that pertains to range of issues which range from scalability and stability, to tech support and price model flexibility. Cloud services providers soon understood that in order to offer a compelling cost model alternative to client-owned IT counts for naught if they could not demonstrate that the services they offered were as cyber-secure as it gets. Cloud cyber security has acquired another resonance. The growth of cloud adoption within the context of wider changes within the broader context of executive governance means that board and c-suite-level officers have moved closer to the cloud decision-making process. As importantly, to ensure that cloud adoption plans align with necessary organisational governance models and regulatory compliances, and also align seamlessly with core line-of-business and other critical applications, leaders want to access as much knowledge and insight on this topic as they can find. Increasingly, their information requirement has been met by freely-available guidance published into the public domain each quarter, selected examples of which are drawn from here. Ixia’s latest Cloud Security Report states that 2018 was ‘the year many IT organisations shifted their focus from cloud migration to cloud operations’. Many of those organisations expected cloud infrastructure would bring improved security, and have fair reasons for doing so. The cloud industry generally has always pleaded the case that cloud offers as good as, if not superior, security because the client data it holds is customarily encrypted for storage (not that encryption blocks actual access breaches). Some analysis would support this, and go so far as to suggest that the issue of concerns about cloud security has actually turned the other way, with improved security being a factor that drives some organisations to opt cloud. According to Gemalto’s Global Cloud Data Security Study 2018, for instance, more companies now move to cloud providers in the belief that they will actually improve their information security. While, for the Gemalto
Alert Logic Cloud Security Spotlight Report 2018
FOCUS
BIGGEST SECURITY THREATS IN PUBLIC CLOUDS
As workloads shift into the cloud, security managers remain concerned about security of data, systems and services. A 2018 report by Alert Logic found that IT security strategists now reassess their security ‘posture’, as traditional security tools are often unsuited for the threat dynamic virtual and distributed cloud environments now face.
OTHER THREATS: 39% External sharing of data 33% State sponsored attacks 30% Malicious insiders 26% Malware/ransomware 22% Denial of service attacks
11001010110010101 010PASSWORD10 11001010110010101 11001010110010101
62%
Cloud platform misconfiguration
55%
Unauthorised access
sample, cost and faster deployment time are the most important criteria for selecting a cloud provider, security as a winning factor increased from 12% of respondents in 2015 to 26% by 2017. It’s about more than keeping static data assets safe. The secure hosting of line-of-business applications is another emergent trend that complicates cyber security strategy. This is because it creates an extra vector of attack for cyber threats. The trouble is that not all enterprise applications are hosted by secure providers using secure cloud environments. In many instances, ‘enterprise applications’ include those made available to workforces by ‘unofficial’ third-party providers – usually in the form of smartphone apps – where employees are using apps to support their core line-of-business tasks, and in doing so provide opportunities for hackers to circumvent standard enterprise cyber security safeguards. AT&T’s latest CEO’s Guide to Cloud Data Security reveals that recent analysis of global cloud usage data found that the average organisation uses 1,427 cloud services – each represented by an app on at least one employee’s phone. Cloud services account for 71% of services used by the average organisation, the Guide reports (‘consumer’ services account for the remaining 29% of business use). The type and value of data that’s being stored and accessed via cloud services is changing apace. According to the 2018 Guide To Managing Cloud Security white paper from the SANS Institute (sponsored by Tenable), businesses and other organisations are now storing more sensitive customerrelated data – personally identifiable information (PII) and healthcare records – in cloud environments. The 2017 SANS Cloud Security survey found that 40% of respondents said they were storing customer PII in the cloud (compared to 35% in 2016) and 21% stored healthcare records in the cloud (up from 19% on 2016). With customer PII, this need is being encouraged by the fact that multiple parts of an organisation want to access the same data records for different purposes – e.g., CRM, marketing, new business development, data analytics. The cloud model is suited to this requirement, as scalability and flexibility can be added on demand. This enables a wider range of business functions to access the same data sets without the need for duplication; and so the margin for error that duplication creates is reduced. Alas, this also means that cyber threats target cloud services to get at that highly-desirable commercial data, which means that cloud is subjected to more intensive attack levels. There’s some evidence that if cyber security does not scale in line with greater cloud operations, it opens fresh tears in the cloud attack surface. Ixia’s Cloud Security Report notes that its research (and that of third parties) suggests ‘a darker truth’ hides behind the ‘silver lining’ of the cloud: data breaches are up nearly 45% year-over-year, and one survey found that nearly 75% of companies studied had ‘one or more’ serious security misconfigurations. Ixia concludes that ‘the evolution of cloud security practices trails behind
50%
Insecure interfaces/APIs
47%
Hijacking of accounts/
the mainstream adoption of cloud operations’. This scenario illustrates for senior executives the unseen risks of initiating new business initiatives without also reviewing likely commensurate cyber security implications to their businesses. The need to ‘retool with a focus on people’ is evidenced by one of the findings of this research by the 2018 Oracle and KPMG Cloud Threat Report: the emergence of a new role: Cloud Security Architect (CSA). The increasing prominence of the CSA as a core member of new cloud security teams is indicative of the recognition for many organisations that the need to retool for the cloud means bringing on board not only individuals who can fill a technical skills gap, says the report’s authors, but also those who can ‘strategically architect a cyber security strategy aligned with the speed of the cloud’. “Traditional security architects often focus on broad-reaching
Some analysts now suggest that data stored in the cloud is actually more secure than it would be if stored on owned IT systems. security topics that impact the onpremises, mobile, and cloud world,” says Greg Jensen, Senior Principal Director/ Security at Oracle, writing in the Oracle & KPMG Cloud Threat Report. “This role has become a bit of a ‘jack of all trades’ role. The CSA was created to be the ‘master of cloud security’ who understands every security- and compliance-related challenge” that a business owner or infrastructure, platform, or app team could run into with new cloud build-outs.
ACCREDITATION Words | James Hayes Photography | Shutterstock
41
viewpoint
cybersecurityeurope
REACHING FOR THE CLOUD Cloud is transformative – but it also energizes key business processes and drives insight into IT/business synergies. Henrik Nilsson, VP of EMEA, Apptio, explains. MORE THAN EVER, CLOUD PROMISES SPEED, FLEXIBILITY AND COST BENEFITS TO BUSINESS. SO IT IS NOT THAT SURPRISING that Gartner, Inc. reports that 28% of spending within key enterprise IT markets will shift to cloud by 2022 (up from 19% in 2018). A cloud-first strategy is becoming critical as many businesses embrace the need to develop and deliver software and services at speed. However, this move to cloud is not without challenges. IT leaders often experience spiralling cloud costs, duplicate infrastructure on-premises and cloud, and issues prioritizing which workloads to migrate first. Businesses need a cloud cost management and an optimization platform that provides a complete visual on cloud investments with unified cost analysis, the ability to optimise resources and decisions, and drive cost accountability for cloud consumption across teams. Apptio enables technology and finance leaders to accelerate a move to the cloud while managing these issues with speed and confidence. With Apptio, leaders achieve predictable spending, rightsized resources and an informed cloud migration strategy to unleash innovation by reaching the cloud quickly and efficiently. Apptio helps organisations understand and manage cost, utilization, and capacity all in one place and take action to keep costs under control and make informed decisions. Apptio’s software translates cloud costs into a holistic, business-centric view so IT and finance leaders can
set targets, measure business results and drive investment decisions. Better understanding means better control – of everything from cloud resources to cloud costs. Apptio Cloud Business Management applies machine learning to optimize cloud resources and translates bills and tags into insights to provide real time clarity and accountability. Apptio Hybrid Business Management gives IT leaders a single pane of glass to understand, manage and optimize multi-cloud and on-premises infrastructure spend and accelerate cloud migration.
Apptio fuels digital business transformation. Technology leaders use Apptio’s machine learning software to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business
DETAILS
centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business.
For further information about Apptio please visit its website: | apptio.com
42
Predictable Cloud Spend.
Right Sized Resources. Apptio Cloud Business Management provides cost and resource optimization capabilities across all leading public cloud providers (AWS, Azure and Google Cloud) so IT leaders can increase the efficiency of public cloud spending and slash waste from over-purchase and underuse.
Create visibility & control Visualize cost and consumption across multiple providers in a single pane of glass. Optimize resources & decisions Take action on rule-based and machine learning-driven optimization recommendations across compute, storage, and data. Drive accountability Collaborate with cloud consumers to lower costs and increase speed through tagging, governance, and showback/chargeback.
Try it free today! apptio.com/CBM-trial To get started all you need is your cloud provider account credentials, and Apptio does the rest, ingesting provider billing, purchasing detail, and other relevant data.
interview
cybersecurityeurope
As the Head of Cyber Security for leading global underwriters AmTrust International, Ian has an in-depth perspective on the risk landscape. IAN THORNTON-TRUMP IS ONE OF THE MOST IN-DEMAND EVENT SPEAKERS ON the cyber security circuit. Ian is a contributor to the UK Cyber Defense Challenge, and provided the background story for the Extended Project Qualification which was recently endorsed by the NCA. Ian also volunteers at information security conferences, such as DEFCON, as a member of the Security Operations Center (SOC) Goons. Among his special interests are the impacts nation state cyber conflicts have on national economies and commercial entities. CSE: In your Cloud & Cyber Security Expo talk, you’ll suggest that cyber attacks and cyber espionage are manifestations of a ‘policy clash’ between competing national powers or their proxies. Are organisations — commercial and non-commercial – then caught in the crossfire? IT-T: They are, in two important ways. First, as part of the supply chain for those competing nation state agendas; and second, as victims of collateral damage online. Countries are generally functioning as part of a wider network of global service providers – logistics, transport, legal firms, finance. All of these and more industry verticals are not, generally, only indigenous [in their operations]. The Chinese threat actors did not just steal information directly from the opposing US government –
they targeted the entire supply chain, which includes the majority of the large global firms of the West’s defence industrial complex. When nation states irresponsibly launch a cyber weapon, global enterprises with vast networks can suffer collateral damage. The NotPetya ransomware attack – attributed to Russian cyber actors – victimised firms by $2.2bn, according to some estimates. From the information security and global business perspective, countries no
Those years of ‘trying to maintain compliance’ have not thwarted the cyber risk for many companies. longer really exist, and are an antiquated notion. Remember, your data needs no passport or visa to travel around the world in just a few seconds. CSE: What are the ways in which cyber-savvy executive management will become more involved in enterprise security governance and strategy? And what will drive them? IT-T: It’s interesting to see the c-suite and executive boards take an interest in the cyber security governance and strategy – but issues such as regulation, accountability, leadership and liability take a back seat to risk and risk management. I’d say that properly managed
Ian Thornton-Trump, CD, CEH, CNDA, CSA+, CPM, BA is an ITIL-certified IT professional with 25 years of experience in IT security and other information technology disciplines.
44
MORE DETAILS For further information please go to: | amtrusteurope.com
interview
cybersecurityeurope
(or accepted) business risk, with a clear understanding of the impact (and plan) should those risks be realised, reduces the need for excessive concerns on regulation, accountability, leadership and liability concerns. Risk and risk management should push an organisation toward regulatory compliance, institute accountability, build crisis leadership, reduce liability.
CSE: What impacts will the rise of the global cryptocurrencies have on the way in which cyber conflict is waged between digitally-warring nation states? IT-T: Cryptocurrencies are minorly associated with nation-state cyber operations, but don’t form a huge part of an overall strategy, except for two notable groups: possibly Iran and
CSE: You have named User Behaviour Entity Analysis – the integration of AI (Artificial Intelligence) and Machine Learning (ML) capabilities at the network and application level – as a way forward cyber defences. Why will this make a difference? IT-T: Security professionals have identified that detection of anomalous activity is a necessary security capability to detect internal and external malicious actors’ presence in their systems. With the growth in speed, data volumes and network complexity, this analysis is simply beyond human capabilities to conduct. AI/ML are almost the only alternative technologies to keep pace with the growth of business systems and maintain security vigilance. The downside is AI/ML algorithms will only work if a baseline of system behaviour can be established inside the system – the ‘basic’ levels of security controls need to be in place for AI/ML to bring value to a business from a security perspective. Sadly, many businesses struggle to implement and maintain even basic cyber security controls; so, for now, AI/ML driving UBEA algorithms may prove to generate [large numbers] of false positives.
North Korea. Continued international financial sanctions and pariah status have forced both Iran and North Korea to embrace alternative means of obtaining, transferring and converting currency outside of the global financial network. Ransomware attacks have been attributed to North Korean actors; while Iran’s efforts are difficult to directly attribute to the Iranian government – a network of companies disclosed in various indictments, paint a picture of an arm’s-length approach by the Iranian actors. Crypto currencies are attractive to nation states to augment development and execution of cyber attacks by using the anonymous crypto currencies to temporally recruit cyber criminals or freelancers to assist in conduct
CSE: European organisations are often said to be facing a shortage of adequately skilled IT security professionals. Will the integration of AI and ML tools with conventional security technology add to the skills shortage? After all, AI, data science and data analytics experts are also in short supply. IT-T: AI/ML will tend to supplant and replace some existing cyber security technologies. Malware defences are a great example of that as many of these technologies are quickly improving towards automated End-Point Detection & Response solutions which ‘take care’ of malware detections on end-points – with little to no human analyst intervention. Another example,
CSE: Is this because the pace of managerial change is traditionally too slow? IT-T: The speed of change in cyber security is not [necessarily] compatible with traditional approaches to governance and management. The shift in thinking is best expressed as ‘cyber security should not be done to be compliant, compliance should result from cyber security’. Years of ‘trying to maintain compliance’ have not thwarted the cyber risk for any number of companies – and has established the reality of massive loss from cyber crime, cyber espionage.
46
of operations. The anonymous characteristics of cryptocurrencies are certainly attractive to clandestine activities and will certainly be embraced by established and emerging threats.
and it’s been around for quite some time now, is cloud back-up: jobs changing back-up tapes in the data centre have fallen out of fashion. But AI and ML are not the solutions to the skill shortage – they simply change the types of skills that are needed. Cloud security architecture for instance is the ‘new world’ in cyber security. The information security professional that up-skills to cloud technologies from Amazon, Microsoft, Google [and other cloud technology providers], understands how to securely implement them, and the software tools needed to secure those assets will be in very high demand. CSE: You predict that opportunities for cyber crime will decline as organisations move away from legacy systems and their architectures that make it easy for attackers to access valuable data or funds. IT-T: From about 2014 to 2015 onwards cyber crime grew astronomically and prayed upon legacy IT infrastructure at a horrific rate, taking billions out of the pockets of organisations and individuals large and small. Beginning in 2015 and into 2018 saw businesses beginning to rapidly move towards Software-as-a-Service (SaaS) and cloud-hosted architectures. This created the perfect storm. Legacy systems with outdated security technologies could not mitigate on premise attacks and rapid, ill-planned, littleunderstood cloud and SaaS migration projects overburdened and taxed organisations’ security skills and resources to a breaking point. While there was plenty of money to support organisation aspirations for cloud migration projects, very few organisations invested money in up-skilling their teams and purchasing appropriate cloud security technologies. CSE: What was the outcome? IT-T: Cloud security technologies at the time of adoption didn’t exist, were not mature enough and – in the early days – outrageously complex. In the context of organisational defence, the good folk had to fight a war against cyber criminals on two fronts: the cloud and onpremises. The epic projections of the growth of cyber crime in by 2021 are by far the biggest risk for organisations, any organisation. [The cyber economy researcher] Cybersecurity Ventures has projected a $6tn global loss figure by 2021 [up from $3trn in 2015], while Forbes [reported that] growth of cyber crime will be $2tn this year (2019). Whatever projection you want to believe does not matter – what is going on right now is not sustainable for a legitimate organisations – unless you are a cyber criminal, of course! – and so something does have to change!
Remember that your data needs no passport or visa to travel around the world in just a few seconds. CSE: As we move into the 2020s, how will future generations of IT practitioners look back on how cyber security has been practised over the last 10 years? IT-T: Hindsight being what it is I’m sure the IT security practitioners of the 2020s will be highly critical of regulatory compliance efforts based upon suggested best practices, critical of the cyber crime legal system – and aghast at the inadequacies of past security architectures and efforts. I hope and I’ve seen some efforts developing which mandate a basic level of cyber hygiene with specific regulatory measured benchmarks at a global level – if your organisation is doing global business. The current situation is a mess of stated, federal and regional regulations which are strong on ‘must’ direction and have minimal ‘how’ advice, but [that then] tend to focus on substantial penalties for non-compliance. CSE: What sort of security model would you like to see cyber operations/governance progress toward as we move further into the new decade? IT-T: What perhaps is lacking is more of an understanding of the ‘why’ cyber security is needed – [and that] ‘why’ is: cyber criminals are going to try and put you out of business, so an effective, global, and mandated minimum cyber security standard needs to be enforced. If we have penalties that suggest up to 4% of annual turnover can be decided by regulatory authorities, why is there not a minimum 2% of annual turnover required for cyber security defences? Spend 2% to save up to 4% – seems like a pretty good deal to me!
IAN @ CLOUD & CYBER SECURITY EXPO 2019 Tuesday 12 March | 9.55-10.20am | Cyber Threats Intelligence Theatre, Excel London.
47
analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo cybersecurityeurope FEATURE files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc cyber risk cyber security cyber skills data analytics insider threat log files machine learnin malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc cyber risk cyber security cyber skills data analytics insider threat log files machine learnin malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc cyber risk cyber security cyber skills data analytics insider threat log files machine learnin malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc cyber risk cyber security cyber skills data analytics insider threat log files machine learnin malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc
algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat
49
INSIGHT
Radware’s 2017-2018 Application & Network Security cross-industry survey inquired whether respondents intended to invest in solutions that incorporate some sort of AI or ML. Twenty percent of respondent organisations already rely on such a technology for cyber protection; another 25% did so in 2018. These findings suggest that by the end of 2019 close to 50% of organisations surveyed by Radware will ‘leverage AI
AUTOMATED SECURITY WILL FIND A SEAT IN THE SECURE BOARDROOM... capabilities’ within their information security strategy. Their motives include: the need for better security (63%) and simplifying management (27%) and addressing the skill gap (another 27%). (Using these technologies to power competitive edge only scored fourth.)
In fact, if anything, the IRS may be slightly behind the curve in respect to general AI take-up, according to a range of research focused on enterprise implementation of AI and Machine Learning (ML) technologies for defensive cyber security. According research conducted last year (2018) by Enterprise Strategy Group (ESG), 12% of businesses have already deployed AI-based security analytics ‘extensively’, and 27% have deployed AI-based security analytics on a limited basis. ESG expects implementation trends to gain momentum into 2019. An earlier survey conducted by Boston Consulting Group and MIT Sloan Management Review (AI Global Executive Study & Research Report) found that about 20% of companies have already incorporated AI in some offerings or processes, and that 70% of executives ‘expect AI to play a significant role at their companies’ in the early-2020s and beyond. Moreover, investments in AI/ML are driven by a need to consolidate cyber security ‘posture’ (state of readiness), bigger cyber threat challenges, and digital transformation programmes that place an expectation on AI/ML to deliver multiple forms of return on investment (ROI). Radware’s
AI: WHO KNOWS?
LAST JUNE THE US INTERNAL REVENUE SERVICE ISSUED A PUBLIC REQUEST FOR INFORMATION THAT ANNOUNCED ITS BUSINESS NEED FOR AN ARTIFICIAL Intelligence (AI) system to detect and respond to cyber security and insider threats. The specification provided a revealing insight into AI uptake trends; it shows how precisely savvy the agency is to what this cutting-edge technology can deliver. Moreover, it wanted a technological solution that provides ‘role-based access’ that meets the information requirement of ‘senior users and leadership’ – and not something that’s cut-out for the IT crowd alone.
Now Artificial Intelligence can be bolted onto cyber security: many businesses believe it will boost resilience – but can it also improve your threat insight when it comes to addressing those insider threats?
malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit posture shadow IT threat intelligence algorithm artificial intelligence cyber governanc cyber risk cyber security cyber skills data analytics insider threat log files machine learnin malicious threat phishing attack security automation security posture shadow IT threa intelligence algorithm artificial intelligence cyber governance cyber risk cyber securit cyber skills data analytics insider threat log files machine learning malicious threa phishing attack security automation security posture shadow IT threat intelligenc algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit algorithm artificial intelligence cyber governance cyber risk cyber security cyber skills dat analytics insider threat log files machine learning malicious threat phishing attack securit automation security posture shadow IT threat intelligence algorithm artificial intelligenc cyber governance cyber risk cyber security cyber skills data analytics insider threat lo files machine learning malicious threat phishing attack security automation securit
cyber risk cyber security cyber skills data analytics insider threat log files machine learnin
FEATURE
cybersecurityeurope
FOCUS
REASONS FOR AI ADOPTION According to user research by the Enterprise Strategy Group (ESG), there continue to be four compelling factors that drive AI/ ML adoption within enterprises:
29% want to use AI-based cyber security technology to accelerate incident detection. In many cases, this means doing a better job of curating, correlating, and enriching high-volume security alerts to piece together a ‘cohesive incident detection story’ across disparate tools. 27% of want to use AI-based cyber security technology to accelerate incident response. This means improving operations, prioritising the right incidents, and even automating remediation tasks. 24% want to use AI-based cyber security technology to help organisations better identify and communicate risk to the business. In this case, AI is used to sort through loads of software vulnerabilities, configuration errors and Threat Intelligence to find high-risk situations for immediate attention. 22% want to use AI-based cyber security technology to gain a better understanding of cyber security ‘situational awareness’. Security chiefs want AI in the mix ‘to give them a unified view of security status across the network’. ESG research also indicated that only around 30% of cyber security practitioners it surveyed ‘feel like they are very knowledgeable’ about AI/ ML and their operational application to cyber security analytics. MORE INFORMATION | esg-global.com | radware.com
50
most recently-published 2018-2019 Global Application and Network Security Report finds that 86% of surveyed businesses indicated they explored AI and ML solutions. Almost half – 48% – point at quicker response times and better security as two primary drivers to explore MLbased solutions. One-in-five organisations now rely on such a technology for protection; another 25% will do so in 2018. These findings suggest that by 2019 close to half of organisations will leverage AI capabilities within their information security capability. So: what’s motivating this shift? Most obviously, 63% said the need for ‘better security’. Other benefits cited include simplifying management and addressing the skill gap (27% each). The skills gap is somewhat of a double-edged sword for enterprise strategists. It would be comforting to think that automating cyber security operations would free-up valuable IT expertise to focus their skills to address unpatched vulnerabilities or work on new business development support. However, most AI/ML technology still needs some intervention from human managers – such as data scientists, analytics experts, and the like – and some industry-watchers aver that people with these skills are even harder to recruit than IT security professionals. What’s more, most AI/ML tools take time to ‘bed-in’. This means that they may be installed and running for months before they start to deliver positive results, and more time for security teams to act on those results. The shift to AI/ML, therefore, is inevitably a long-term investment designed for long-term paybacks, and not short-term quick wins. This commitment may surprise executives accustomed to thinking of AI as a ‘for tomorrow’ technology that’s not still not ready for mainstream deployment; but in fact, AI adoption had been encouraged by some key shifts in its market maturity. AI/ML functionality is being introduced in support of conventional cyber security investments, rather than as a wholesale replacement for it, as some market-watchers had speculated in recent years. On the plus side, the necessary investment can be spread-out over a longer time-frame than with conventional cyber security solutions. And, it might
be speculated, AI/ML technology will likely develop more slowly than other security technology, so there’s less prospect of it falling behind as threat landscapes change. Next, as mentioned, AI/ML of different complexions is being written into enterprise digital transformation change proposals, so that it is seen as a logical development of a forward-facing cyber security strategy that will help overcome inherent tech problems. It’s probable that many businesses realise that the fact that cyber attackers are exploiting legacy vulnerabilities in conventional cyber defences, some of which could take years to resolve.
growing threats that lurk within Digital transformation could speed-up this process. AI/ML also promise more effective ways to tackle the challenge of insider threats, by helping cyber security teams automate real-time threat detection and the task of crunching through log data in search of tell-tale patterns that show employees are up to no good. Vendors of AI/ML products also realise that, as c-suites and boards assume more responsibility for cyber security governance, they need to sell their solutions in a way that offers quantifiable business benefits in conjunction with IT security assurance. ML analyses data sets to extract algorithms and learning models and apply ‘learned’ generalisations to new situations; it has a controlled capacity to perform tasks without direct human programming. In cyber security, this capability should prove particularly effective for insider attacks and security vulnerabilities that arise from employee mistakes or their unwitting co-operation (or willful collusion) with cyber threats. To claim that AI/ML can help cyber security defences is an acknowledgment of the insider threat problem, because insider threats are now regarded as a significant threat type. As reported in the Autumn 2018 issue of Cyber Security Europe, security breaches due to rogue employees and trusted but vulnerable employees – plus the occasional feckless contractor that works within the security ‘perimeter’ – are a growing concern for security governance. The 2018 Insider Threat Report from CA Technologies is based on a survey of 472 enterprise professionals who range from executives and managers to senior IT security practitioners; organisations of various sizes are represented. The report’s key finds included the fact that 90% of organisations polled ‘feel vulnerable to insider attacks’, but for different reasons. Tellingly, 51% of respondents to the were more concerned about accidental/unintentional data breaches perpetrated by insiders, as compared to 47% whose concern was more for malicious/deliberate insider action. AI/ML-minded organisations compile their own threat intelligence logs when it comes to malevolent insider actions: while not absolutely predictive, it can inform the allocation of monitoring resources.
This way the parts of the organisation where past (known) insider threats have come from (and that could include boardrooms and c-suites) can be the most actively covered security-wise – this makes best use of resources as firms grow. PwC remains confident that AI is set to play an increasing part of the solution; indeed, cyber defence will be many enterprises’ first experience with AI. In its 2018 AI Predictions report, it points out that scalable ML techniques, combined with cloud technology, already analyse large amounts of data and power real-time threat detection and analysis. AI capabilities can also identify ‘hot spots’ where cyber attacks are surging and provide cyber security intelligence that informs governance strategy. However, while AI will become ‘an important part of every major organisation’s cyber security
AI/ML is now being introduced in support of conventional cyber security investments, rather than as a wholesale replacement. toolkit’, as PwC predicts, cyber defence teams should know it will also soon be part of the cyber attacker’s tools as well. ‘Attackers will use AI, so defenders will have to use it too,’ PwC says. Future cyber attacks and counter-attacks will not simply be two sets of advanced computer systems ‘battling it out’. If an enterprises’s IT function or cyber security provider isn’t already using AI, it has to ‘start thinking immediately about AI’s short- and longterm security applications’.
ACCREDITATION Words | James Hayes Photography | Shutterstock
51
CONTRIBUTED
cybersecurityeurope
STEP UP TO CYBER RISKS A multi-step strategy for managing cyber risk can help minimise threat exposure – and ensure speedy recovery if attacks occur. Deloitte’s Maninder Bharadwaj explains. WITH THE RAPID PACE AT WHICH INDUSTRIES NOW ADVANCE, ESPECIALLY DUE TO THE ADVENT OF PIONEERING TECHNOLOGIES, a failure to continuously innovate can jeopardise business sustainability. In such a dynamic ecosystem, cyber security is, of course, a leading international concern, as cyber space turns even more anarchic due to the uncontrolled synergies being unleashed, the low-cost of mounting cyber attacks, and the lack of a comprehensive formal governance framework. The Risk Survey 2018 published by Deloitte India suggests that cyber security will become the leading risk area for businesses by next year, 2020. The ‘pull’ of economic development (free-flowing data) and the ‘pressure’ of national security (increasing cyber threats) are both reflected in cyber security concerns across nations. To maintain the balance, jurisdictions around the world are making endeavors to improve the cyber ecosystem through various initiatives: these include promotion of the digital economy, formulation of new cyber laws and regulations, enhancement of governance frameworks, and an increase in impetus to capacity-building. Businesses and their IT leaders are faced with the challenge of balancing security and risk investments with spending on real business opportunities. The business demands accelerated time-to-market with innovative products and services, often based on new and futuristic technologies such as cloud and social media. On the other hand, IT and
security groups struggle to manage the escalating volumes of information as keeping that information safe in a world that is increasingly mobile and boundary-less is difficult. This hyper-extended enterprise presents new challenges in privacy and risk which are often not visible to the user who is becoming accustomed to user-driven IT where resources are available on demand – such as in the cloud. These ‘New Age’ risks include: Unco-ordinated operations with the third-party consultative expertise. Many organisations do not coordinate with the third-party security consultants during periodic reviews and assessment of the organisation’s security posture. While the experience and expertise of the
Deloitte is Knowledge Partner of it-sa India 2019, where people will come together to discuss and discover the present and future of the IT security industry. The event provides a platform for face-to-face dialogue with customers, lead generation, and opportunities for new business contacts. The it-sa India’s congress
program includes expert talks and panel discussions; it-sa India 2019 draws expertise from parent event it-sa 2019, which takes place 8-10 October in Nuremberg, Germany.
EVENT DETAILS
Bombay Exhibition Centre, Mumbai, 15-16 May 2019. | www.itsa-india.com/home
52
consulting organisation along with the trust it builds decide the effectiveness of the risk assessment/management, the organisation must closely work with the third-parties to keep the work intact, since the lack of context or understanding in any of the areas could compromise the security posture. Organisations that depend on traditional technologies, frameworks, and practices experience challenges with cyber threats associated with the new-generation technologies. Lack of timely review and updates can make the tools, processes, frameworks and best practices turn obsolete in the age of emerging and advanced technologies such as Artificial Intelligence (AI), Machine Learning, and Blockchain. This may have a significant impact on the organisational cyber security posture. The exponential growth of data also contributes to cyber security risk. In many organisations, conventional security deployments such as applications, network devices, servers, end-point security devices, and perimeter security devices, generate huge amounts of data, including security logging. Improper handling of these data would create an impact on any organisation, in terms of confidentiality. We have seen the current approaches that organisations follow while addressing the emergent risks and challenges associated with these approaches. It is highly significant for organisations to maintain a deep defence strategy against the evolution of cyber threats along with the adoption of new futuristic technologies.
For this, a well-integrated, automated and orchestrated risk management lifecycle needs to be deployed that could generate awareness, has the ability to assess, detect and mitigate risk, and protect the organisation from future potential risks. Here’s how such a risk lifecycle would work... STEP 1: DEFINE Organisations must establish a clear understanding of their risk ‘posture’. They must define risks in the context of the organisation size and its market presence by having a risk office for cyber. STEP 2: ASSESS Organisations must adopt a consultative approach for risk adoption and management, and also leverage Maturity Assessments built on relevant uses-cases for risk management maturity levels. This helps us focus the lens on high-priority initiatives where we build the business case and develop the roadmap to take the organisation from its current state to the target state. STEP 3: MONITOR Organisations must integrate new cyber security technologies and operate as an ‘ecosystem’ while adopting and investing in analytical tools with a team that has the requisite skill-sets to understand actionable insights. STEP 4: INTEGRATE It is important to break the silos and to be part of an integrated system and leverage futuristic technologies for better insights and build intelligence. STEP 5: AUTOMATE Organisations must now incorporate efficient automation and orchestration to drive faster response throughout the risk lifecycle. And they must focus on implementation of automated controls, often leveraging technologies where it makes sense, streamlining manual controls, bringing visibility and accountability into the risk management process and implementing program governance, end-to-end, with risk councils so that there is preparedness in the event of a cyber incident. Thus, an integrated approach to risk management enables organisations to defend against the unpredictable threats presented by the prolific growth of data and devices, cloud and consumerisation – and other high-risk factors.
ACCREDITATION Words | Maninder Bharadwaj, Partner, Deloitte India | deloitte.com/in/en.html
53
The cutting-edge AI-based cyber security systems that
B E H I N D E V E R Y C O D E I S A N E N I G M A will protect business systems and critical national infrastructure
in the coming decades has its roots in the
pioneering work of Alan Turing: and his belief that diversity
of thought process be valued as part of team-based
problem-solving is one that resonates still.
cybersecurityeurope
IN RECENT YEARS THERE’S BEEN A SURGE OF INTEREST IN BOTH CYBER SECURITY AND THE areas of Artificial Intelligence (AI) and Machine Learning (ML). This interest is not confined to academic or technical circles, with many high-profile breaches and exciting ML results featured regularly in the mass media. Given this interest, it is not surprising that there has also been an explosion of industry and commercial interest at the junction of technologies – i.e., AI and ML-powered cyber security products – just look at any word-cloud that automatically extracts selected ML terms from the leading cyber security solutions vendors’ website. While mentioning a cyber tech term does not imply that the corresponding solution is used in a company’s product, it does demonstrate awareness and offers anecdotal evidence of products that exist where the two fields intersect. While a detailed explanation of such IT security technologies is outside of the scope of this article, one of the core elements underpinning these algorithmic approaches is, of course, data.
FEATURE
We live in a data-rich world, and this is certainly true in a cyber security context, with IP traffic data from network routers and Domain Name System data, for instance, being available for analysis. Under the auspices of ‘behavioural analytics’ (and in contrast to signaturebased methods for security), such data are often processed and fused, to build ‘black-box’ models of the systems being secured, in order to detect any departures from normality which may be indicative of a pending cyber security attack incident. A data-aligned departure from normality often results in an alert being generated, and cyber security analysts spending their most valuable time trying to ascertain whether the attack was real, or the result of some other factor, such as a new protocol being seen for the first time in a BYOD (bring your own device)-like setting. These data-driven approaches, as our lightweight analysis of the cyber security industry suggests, are becoming increasingly prevalent in cyber products. But the algorithmic deployments often miss one vital source of information: that of the cyber
ALAN MATHISON TURING OBE FRS LONDON, ENGLAND 23 JUNE 1912 7 JUNE 1954
55
FEATURE
cybersecurityeurope
ACTIVITY
PROJECTS FOR OUR TIMES
The Alan Turing Institute runs a range of projects that are designed to tackle important contemporary challenges; they include the many challenges posed by cyber security.
EV
security expert community: purely data-driven approaches of the kind discussed above can be further enhanced to include expert knowledge, thus making them even more effective than before. To illustrate where this point has been used in a world-changing context before, let’s take a step back into history by some 80 years. Alan Turing is famous for his contributions in computing systems and AI (although the term was coined elsewhere). What’s less well-known about Turing’s work is that his wartime success in cracking the Enigma code was due to his insistence that diversity of thought process be valued, and his use of a branch of statistics that explicitly incorporates expert knowledge in a mathematically principled manner. Working with his collaborator the mathematician Irving ‘Jack’ Good (pictured left), an eminent statistician, they implemented what to contemporary minds appears to be the first practical use of a methodology known as Bayesian statistics. The use of this statistical approach went against all major scientific opinion at the time – and we should be thankful that Turing’s self-belief and determination allowed him and his team at Bletchley Park to focus on discovering the right solution to cracking the Enigma code.
diversity for problem solving The defence and security programme at The Alan Turing Institute is at the cutting edge of data science research, working in close collaboration with the Ministry of Defence, GCHQ, Dstl and Joint Forces Command. The long-term projects in this programme – which include understanding conflict in some high-risk populations, revolutionising data analytics with AI, and prototyping innovative cloud-based security software – are providing vital insights and developments to the defence and security community. This longterm work has recently been bolstered by the announcement of a number of shorter, strategically important projects supported by funding from GCHQ. Each up to six months in duration, these projects aim to demonstrate immediate, meaningful impact, and address the key challenges that frame the defence and security programme, including improving cyber security. These six diverse projects at the Institute are being led by worldleading researchers with expertise across a broad range of disciplines that includes: ›› computer science ›› machine learning ›› computational linguistics ›› criminology ›› cryptography ›› international relations and mathematics. MORE INFORMATION | turing.ac.uk/research /researchprogrammes/
56
Working alongside linguists, Turing was able to improve the accuracy of his probability calculations, which sped-up the code-cracking process. Similar probability calculations were used in speech-processing research community until the early 2000s. And, as calculations were at first performed by hand, as their work progressed, Turing’s team introduced simple mathematical concepts (known as the ‘ban’ and ‘deciban’) in order to speed-up humans’ ability to calculate the quantities needed. It is these kinds of collaborations, these kinds of pragmatic interventions, that The Alan Turing Institute is looking to exploit in order deliver value from data and people – thus reflecting Alan Turing’s legacy. Among his many great achievements, Turing also led the way in demonstrating the modern data science and AI disciplines as we know them in 2019 – diversity being a key ingredient in problem solving.
RETUPMOC A RESED DLUOW ELLAC EB OT TNEGILLETNI if it could deceive a human into believing
that it was human
In the context of cyber security, there is an emerging research literature using the Bayesian statistical methodology, inspired (in part) by Turing and his work, which combines knowledge of a threat vector, attackers’ methodology, etc., in order to produce probabilistically quantified representations of the threats facing a network. This additional context (for example, a-priori knowledge of an attacker’s potential lateral movement in a pass-the-hash type context) has been shown to drive greater performance in detecting ‘departures from normality’ – or signs that malevolent agents are at work on a connected system. In addition, by working at the intersection of multiple disciplines, we can better model the complex cyber-physical, human-centric, systems-of-systems which we operate and need to secure. Taking a step back from the technical detail, there is a propensity towards instrumenting the virtual world in which we operate, in order to better understand this world, and ultimately to make it cyber-secure. This leads to some interesting ethical challenges facing senior executives within organisations: is it appropriate and proportionate to collect and analyse personal data (e.g., for an enterprise security system to ‘read’ all email traffic content) for the purposes of security? Is it appropriate to allow a small group of individual employees (an organsation’s Security Operations Centre team, for instance) access to all computer-related data, from which they can build an in-depth intelligence picture (which need not be security related, if they misuse this ‘privilege’)? And is it ever appropriate not to share Threat Intelligence with competitors? How does one share data with third-parties and respect privacy legislation (e.g., General Data Protection Regulation)? These issues (and others) are present in a cyber security context, but also many other application domains too. There are many interesting technical innovations that attempt to provide technical safeguards to minimise risk associated with the foregoing points. These technical solutions need to be complemented by appropriate legal and ethical considerations; this further illustrates the need for diversity in an organisation’s data team, in line with the theme of this article, with the CIO (or appropriate other role) taking strategic responsibilities for these issues as part of an integrative approach to organisational strategy and risk management.
Science of Cause and Effect, it is necessary to produce a model of the world, in order to allow cause and effect reasoning – the kind of support that any business executive would value when deciding pricing strategies, acquisition strategies, competitive positioning, etc. To model the world, one requires expert knowledge of the domain under consideration. This point is also reminiscent of the major themes under consideration here:
Is it appropriate and proportionate for an enterprise security system to ‘read’ email traffic content for the purposes of security?
NEW MODELS OF THE WORLD With the advent of AI as a transformative technology across all sectors, it is becoming possible to answer questions relating to intervention strategies, and in some cases derive answers to counter-factual questions, in order to drive human-like intelligence into ‘computing machine’. (Modern AI relies on complex mathematical modelling of associations between data, allowing narrow predictability, e.g., object recognition in YouTube videos, which does extend to human-like reasoning in the most general setting.) As described in Judea Pearl and Dana Mackenzie’s recent work The Book of Why: The New
the convergence of domain expertise, data, and data scientists will bring early competitive advantage to organisations that embrace the modern information environment in which organisations operate. The Alan Turing Institute is explicitly designed to promote diverse interactions of this kind, and it hopes that this offers a template for progressive dataoriented organisations, in a cyber security context and beyond.
The Alan Turing Institute, the national institute for data science and Artificial Intelligence, is headquartered within the British Library in London. It was created as the national institute for data science in 2015. In 2017, as a result of a government recommendation, Artificial Intelligence was added to the body’s remit. Its mission is ‘to make great leaps in data science and artificial intelligence research in order to change the world for the better’.
ACCREDITATION Words | Professor Mark Briers and Dr. Benjamin Sach, The Alan Turing Institute.
57
FEATURE
cybersecurityeurope
SECURE INDUSTRY
To meet their fullest potential, Industry 4.0 programmes must now apply holistic cyber-savvy thinking to all aspects of the industrial processes to be digitally transformed. WHETHER YOU CALL IT THE ‘FOURTH INDUSTRIAL REVOLUTION’, OR (MORE COMMONLY) ‘INDUSTRY 4.0’, the trend for automation and data exchange in manufacturing technology is closely associated with cyber security. The Industry 4.0 concept originated in Germany (Chancellor Angela Merkel calls it “the comprehensive transformation of the whole sphere of industrial production”), but its ideals have become a flagship European objective. The EU supports the initiative through its industrial policies and through research and infrastructure funding. Member States sponsor national initiatives such as Industrie 4.0 in Germany, the Factory of the Future in INSIGHT
France and Italy, and the Catapult centres in the UK. However, a rapidly increasing number of Industry 4.0 cyber security incidents have emerged in parallel, that have stressed the need to strengthen cyber resilience. This is particularly true for industrial operators who plan to integrate Internet of Things (IoT) functionality and Industry 4.0 applications. The IoT is expected to play a major part of Industry 4.0: by equipping industrial and manufacturing hardware with sensors and other data-gathering technology, it takes digital control to the heart of industrial processes; and it turns a connected robot assembly line into an adjunct of the Internet. In terms of potential threats, the Industry 4.0 concept shares some common risks with mainstream enterprise cyber security, but the damage
These technology trends have sparked the imagination of executives in industry, and drive future visions for the industrial sectors.
‘GOOD PRACTICES FOR SECURITY OF IOT IN CONTEXT OF SMART MANUFACTURING’ Published in November 2018, this ENISA study aims to address the security and privacy challenges related to the evolution of industrial systems and services precipitated by the introduction of Internet
58
of Things innovations. Download a copy at https://www.enisa.europa. eu/publications/good-practicesfor-security-of-iot
59
FEATURE
cybersecurityeurope
outcomes differ. The potential impact of Industry 4.0-specific threats range from physical security compromises and fraud, to mass production downtimes, product spoilage, plant equipment damage. Deloitte’s Industry 4.0 & Cyber Security: Managing Risk in an Age of Connected Production report agrees that the Industry 4.0 revolution brings new operational risk for smart manufacturers and their digital supply networks. With the interconnected nature of Industry 4.0-driven operations, and the pace of Digital Transformation, mean that cyber attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks. It is, therefore, crucial that industrial executive governance officers are apprised of the potential risks at hand. For malevolent cyber risk to be adequately addressed in the age of Industry 4.0, cyber security strategies should naturally be secure, vigilant, and resilient, as well as fully-integrated into organisational and IT strategy from the start. When supply chains, factories, logistics, customers, and operations are connected, the risks posed by cyber threats become all the greater and potentially farther-reaching. “The advanced digitalisation envisaged within the unfolding Industry 4.0 ethos is a paradigmatic shift in the way industries operate – it blurs the boundaries between the physical and digital worlds,” says Steve Purser, Head of Core Operations Department at ENISA: the European security body has published a study on
60
best practices for IoT security, with a focus on smart manufacturing and Industry 4.0. “With a great impact on citizens’ safety, security and privacy due to its cyber-physical nature, the security challenges concerning Industry 4.0 and IoT are certainly significant.” These challenges notwithstanding, some industrial companies have already ‘moved headlong’ into digital transformation strategies, with sector-specific initiatives like Smart Manufacturing (the optimisation of concept generation, production, and product transaction) and Industry 4.0, reports Putting Industrial Cyber Security At the Top of the CEO Agenda, a study by LNS Research: ‘[They have done this] not as technology projects, but for the business opportunities they present,’ the report continues. ‘These technology
The interconnected nature of Industry 4.0 operations does mean that cyber attacks can cause more damage than ever before. trends have sparked the imagination of executives in industry and are the technology enablers, and drive future visions for the industry like Smart Manufacturing, and the Digital Refinery’. Market watchers suggest that the Industry 4.0 commerce will be huge. All told, current analyst estimates for the component markets of Industry 4.0 (e.g., IoT, cyber security, AI) amount to more than $4.4trn by 2020: a massive market, indeed; but, KPMG for one, suggests that, as Industry 4.0 achieves enterprise scale, it will remain to be seen if business leaders will invest such large sums. Even so, the challenge for organisations on the threshold of Industry 4.0 journeys are daunting. For many, it involves a considerable re-implementation and upscale of its core physical infrastructure, new operational procedures, and employee retraining.
when digital gets physical Operational Technology (OT) is hardware/software dedicated to the detecting or causing changes in physical processes through direct monitoring and/or control of physical devices, such as valves, pumps, etc. The integration of OT and IT, Deloitte’s Industry 4.0 and Cyber Security notes, is marked by a shift toward a physical-to-digital-to-physical connection. Industry 4.0 combines the IoT and relevant physical and digital technologies (e.g., analytics, additive manufacturing, robotics, and advanced materials) to complete that cycle.
BRIEFING
POINTS OF CYBER HYGIENE
In the age of the industrial IoT, here are 5 actions executives managers should be aware of and implement to secure their factories and plants against targeted cyber attack.
The Industry 4.0 concept incorporates and extends the IoT within the context of the physical world – the physical-to-digital and digital-to-physical leaps unique to manufacturing and supply chain/supply network processes. It is the leap from digital back to physical – from connected, digital technologies to the creation of a physical object – that constitutes the essence of Industry 4.0 (says Deloitte), which underpins the digital supply network. Digital Supply Networks are an area on which leadership executives need to focus, Deloitte adds, because it is an intersection between business enablement and business-borne cyber risk: industry 4.0 technologies are expected to spur a further evolution in traditional linear supply chain structures by introducing intelligent, connected platforms and devices across the supply ‘ecosystem’: this should result in Digital Supply Networks able to capture data, from points across the value chain, to inform each other. The Deloitte study also notes that blockchain has been proposed as an emergent technology that could help solve some supply network security vulnerabilities. The blockchain model of establishing a historical record for transactions is best known in the example of cryptocurrency Bitcoin, but others have explored ways to use this model to determine the flow of goods from production line through layers of purchasers, and indeed, for the remediation of vulnerabilities in cyber defences (see feature on page 64). A historical open ledger, shared by a community, establishes trust and visibility. It provides protection for buyers and sellers by certifying a good’s authenticity. It also enables the tracking of goods movements for logistical purposes, and for the more specific categorisation of products (than by lots or batches) when handling product recalls or defects, for example. Such costefficiencies play well into c-suite demands for good return on investment. IBM CEO Harriet Green has envisaged scenarios where IoT devices are able to communicate with the blockchain to update or validate smart contracts: “As an IoT-connected item moves along the multiple distribution points, information like location and temperature is automatically updated in the blockchain, allowing members to view the status of the item in real-time, and verify that the terms of a contract are met at each point.” C-suite executives across Europe “are taking notice”, Green says.
ACCREDITATION Words | James Hayes Photography | Shutterstock
Written security policies Draft, review and implement procedures for your industrial facility that will, for example, outline who (including employees and contractors) should be able to access the operations networks in the first place and how, what assets they can access, define acceptable asset use, and define reporting mechanisms for events. Policies should also contain an Incident Response Plan that includes procedures to restore critical production systems after attack. Premises security Some of the most severe damage comes from within, when system access is gained by cyber threats who walk the factory floor. Protect assets with physical access restrictions like locks, key cards, and video surveillance. Where practical, you can also add device authentication and authorisation Holistic approach The protection of critical manufacturing assets requires an approach that uses multiple layers of defence: physical, procedural, and digital (network, device, application) to address different types of threats. Be mindful of the fact that ‘air gap’ strategies are fallible – just because a robotic arm or hydraulic press is not connected to the network doesn’t mean it’s completely protected. Block attackers at the ‘edge’ A critical segment of any company’s network architecture straddles the Internet ‘edge’, where the corporate network meets the public Internet. Secure gateways serve many roles for the typical enterprise network: as facility employees legitimately access the Web and use email for vital B2B purposes, corporate resources must remain accessible and be kept secure. Industry best practices Use industrial automation and control systems cyber security standards, such as the International Society of Automation’s IEC 62443 Certificates, to set-up zones and design schemas to segment and isolate your sub-systems. Create a ‘demilitarised zone’ between your enterprise and manufacturing networks. Sources: Cisco, International Society of Automation (ISA), Cyber Security Europe.
61
FEATURE
cybersecurityeurope
Blockchain can play a role in finding and fixing security vulnerabilities within enterprise defences by powering a worldwide threat hunt validation initiative.
THE LEAST AN EXECUTIVE NEEDS TO KNOW ABOUT MALICIOUS HACKERS IS THAT THEY HAVE TWO BASE MOTIVES: to gain access to unauthorised data, or to block access of authorised data for legitimate user, whether it be through social engineering or brute force attacks on perimeter defences and websites. Currently, cyber security solutions rely on an isolated and custom-made approach to cyber threat management, with limited knowledge sharing between competitive security vendors. Most of the patterns and signatures that aid cyber security software in detecting a security vulnerability are freely available on the public Internet, thus allowing the hacker to have the same knowledge as a IT security solutions vendor. The result is an FOCUS
endless game of cat-and-mouse, with a cyclical race to stay one step ahead. Furthermore, the nature of cyber threats continues to evolve. Tackling them effectively, I argue, now requires more than the standard complement of antivirus protection, firewalls and intrusion detection systems. Meanwhile, however, the cyber security ‘hacking game’ has changed paradigmatically in recent times; after all, what’s the point of going to the trouble of stealing data when you can just corrupt it with malicious code – and still get money in the form of ransom payments? With the mighty legislation of the General Data Protection Regulation – GDPR – making waves across Europe, cyber security consultants are under even greater pressure to secure an organisation’s infrastructure. This pressure couples with the fact that Cisco Systems research reports that there are at least 1m unfilled cyber security jobs to further complicate matters.
It is imperative for all c-suite officers who occupy governance positions to first grasp the role that a blockchain can assume.
EXECS CONFIRM THAT BLOCKCHAIN ADOPTION IS UNDERWAY Research from the consultancy PwC – entitled Blockchain is Here. What’s Your Next Move? – surveyed 600 senior executives in 15 countries and territories, on their roll-out of blockchain and views on its potential. As blockchain
24 62
‘rewires’ business and commerce, PwC reports, the research provides one of the clearest signals yet of many organisations’ fear of being left
Here’s a great word that may (or may not) roll of the tongue: ‘nonrepudiation’. This is the idea that an action or change to data are always associated with a particular unique owner, which also prevents the owner of the data from denying that the change took place without their permission. Why is the understanding of non-repudiation important to the field of threat intelligence, with its concerns of identifying cyber threats to an organisation? Well, the answer lies in the fact that, far too often, cyber security professionals are consumed with trying to understand what corporate data has actually been tampered with before they can target the originating threat. Prevention is better than the cure: if you can prevent your data being corrupted; but what if data could not be tampered with, and the integrity and origin of data could always assuredly be proven to be authenticated with a degree of high confidence? Enter the blockchain principle. Blockchain is a shared distributed ledger technology, a system where a copy of data is shared on maybe thousands of computers. It works at both a public level akin to cryptocurrencies like Bitcoin, EOS and Ethereum, where
behind as blockchain developments accelerate globally, and open-up new opportunities including reduced cost, greater speed and more transparency
all transactions can be viewed on the blockchain and at a private level similar to the ‘Hyperledger’ blockchain (Hyperledger is an umbrella project of open source blockchains and related tools to support the collaborative development of blockchain-based distributed ledgers), but in both cases data is always validated onto a shared database. Fundamentally, it relies on all blocks linking and working together, as opposed to emanating from a central database infrastructure like a website or enterprise application – which is single point of failure and attractive to malevolent threat actors. The principles of blockchain can seem rather difficult to understand at first hearing – but in fact, they are similar
and traceability. Twenty-five per cent of executives report a blockchain implementation pilot is ‘in progress’ (10%) or ‘fully live’ (15%); 32% of respondents have projects ‘in development’ and 20% are in ‘research mode’.
63
FEATURE
BRIEF
cybersecurityeurope
SIMPLE STAGES OF BLOCKCHAIN
Block broadcast through network to each party...
A
A wants to send to B...
to the standard project management procedures that many non-technical executives are adept to. Think of blockchain as a honeycomb construct, where new data transactions or interactions result in a new, additional block. The blockchain cannot be replicated; it can only be added to so that the state of the blockchain is constantly validated by its users who take responsibility for an element of a block. Each new additional block of data that is added to the blockchain is considered to
Transaction known as online ‘block’...
be as important and unalterable as the block that preceded it. An immutable record of what has gone before. In basic terms it’s a database that cannot be tampered with. How much computing power would you need to break a blockchain, one might reasonably ask? Well, by my reckoning, a hacker or hacker network would need to spend approximate $7,880,471,057 on basic hardware costs alone at the cheapest rate to ‘break’ bitcoin. For GDPR and cyber security this blockchain-based approach to cyber security has a transformative advantage. Each piece of data is irrevocably recorded – e.g., akin to the traditional handwritten entries in a ledger. What’s more, this assists the protection of data as specified by GDPR. As the blockchain is in a perpetual state of use and replenish, the data entry points ‘shift’, and this makes it considerably harder for cyber criminals to falsify access – considerably harder. Traditional password protected systems can be scammed with fake passwords or identification certificates, the blockchain moves so quickly and is so geographically- and device-agnostic. That makes it very difficult for cyber criminals to be effective. Blockchain operates on computing power that validates if an entry is authentic, and therefore accepted or denied. It can track assets from entry across an end-to-end transactional journey, supply chain, or other transactional process, etc. There’s another big advantage with blockchain systems in the area of cyber security compliance requirements, where employees and vendors will be able to conduct data transactions that are impossible to be falsified once the record has been written to the blockchain. It greatly enhances the security of a system because everyone can see the data being generated and updated.
community effort, community strength These are just the benefits of the basic proposition. Opportunities exist for innovative developments of the basic principle. A ‘bug bounty’ program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those which pertain to cyber security exploits and vulnerabilities. My company Uncloak’s approach is to create a decentralised, scalable, blockchain powered cyber security management solution that places an emphasis upon the strength of the wider community to contribute to finding vulnerabilities through a blockchain based mechanism. We use the blockchain in the field of a decentralised ‘bug bounty’ which brings together the disparate community of ‘White Hat’ (i.e., ethical) hackers, cyber security experts, bug bounty hunters, and academic researchers; all these people who
64
Block is then approved by network parties...
B
Block can then be added to the chain for a record of the on going transaction...
work on finding and mitigating cyber threats. The user (or customer, if you like), doesn’t see that part of the functionality. For a business that subscribes to Uncloak as a cybersecurity solution, they just turn it on and let it do its job. But for the threat hunters, the IT specialists using the decentralised platform on the blockchain, it connects them to the work of their colleagues located around the world. Furthermore, it works in real-time: so you can have a cyber security researcher in Berlin and a White Hat hacker in London both working on the same problem simultaneously. Maybe it’s a new malware variant, like a virus for cryptojacking (cryptojacking is the unauthorised use of computing resources to mine cryptocurrencies). Both these people have independently detected the virus appearing on the dark web, and they have the ability to work together and be rewarded without any moderation requirements greatly speeding up the ability to neuter cyber threats. As Artificial Intelligence (AI) and Machine Learning (ML) gain traction, and start to impact more and more industries, it’s sure to play a bigger role in cyber security. Because the battle with cyber criminals moves so fast, ML models that can predict and accurately identify attacks swiftly could be a real bonus for cyber security professionals. In the year ahead, these models need to be trained and honed. However, there is also a risk that AI and ML may be exploited by attackers As IBM’s Global Blockchain Offering Director John Wolpert explained In a keynote address at the 2018 Block Chain Conference, “We need to evolve the Internet to become economically aware, and this Internet is not going to be an application, it will be a fabric... [And we] need a fabric that allows for lots of competition on platforms and huge competition on solutions”. Meanwhile, it is important for c-suite officers – techies and non-techies – who occupy governance positions to first grasp the role that a blockchain can assume. This requires a thorough gap analysis exercise in order to understand what intermediary problems are to be solved for the organisation rather than jumping on the ‘hottest new tech’ bandwagon. For example, an organisation needs to consider questions like: Disintermediation is technologically and economically feasible – is it so important as to remove ‘middlemen’ in any of the cyber security processes? Transaction and data verification is required – how highly is the integrity of data regarded in an organisation from a cyber security perspective? Multiple users need to share the data – what is the security requirements around the visibility of the data collected , who needs access to the data? Business processes generally need trust in transactions and a good degree of certainty in results – in an organisation, is it required that data moving throughout an organisation can not be altered? So the use of the blockchain in cyber security sets-up two compelling advantages. First, it will become a fabric by which applications can guarantee that the integrity of data is unable to be manipulated by a cyber threat.
...Transaction moved from A to B
Most patterns and signatures that aid security software in detecting a security vulnerability are freely available on the public internet. Second, at the same time, it ensures that senior strategical executive management teams can be more confident in the knowledge that the data which is recorded onto the blockchain can prevent repudiation during critical times of governance and regulatory reporting – this greatly enhances the auditing process. Blockchain will make its power felt in multiple fields of practice. For many in the IT industry, it represents a pivotal moment in the evolution of cyber security.
ACCREDITATION Words | Tayo Dada, Founder and CEO, Uncloak.
| Uncloak.io
65
sign-off
cybersecurityeurope
EDITOR’S PICKS Whatever your cyber security needs, there’s still time to catch-up with the many solutions being showcased at Cloud & Cyber Security Expo. THE GROWING RANGE OF PRODUCTS AND SERVICES TO BE FOUND AT CLOUD & CYBER SECURITY EXPO DEMONSTRATE HOW THE IT security market is evolving and expanding. Increasingly, defensive solutions apply real-time – or near-real-time – analysis of network traffic to identify malicious activity and pinpoint potential threat actors, such as insider threats and bots – or software applications that run automated tasks over internet channels. OSIRIUM PXM PLATFORM Osirium’s PxM Platform protects access to vital devices and servers on an enterprise infrastructure. It does this by separating users from the credentials that are needed to access those services. Osirium calls this ‘identity in-role out’: the user confirms they are who they say they are, then Osirium presents and provides access to the servers and devices, they can access without ever sharing the credentials used to access them. PxM has three core management features. Session Management records interactions for audit control, investigating support issues or for training purposes. Task Management enables secure automation of tasks that need privileged access (like automating password resets). Lastly, the Behaviour Management function learns what ‘normal’ user behaviour is for the protected devices and highlights unusual activity. Expo Stand | S4345 | osirium.com UPDATES
VARITI ACTIVE BOT PROTECTION The Active Bot Protection solution works on a sevenstage analytical model. First, it lets all of the incoming website traffic pass through a distributed network of Variti filtering nodes. The traffic is then analysed in real-time in regard to multiple characteristics. By means of Variti-developed mathematical algorithms, Active Bot Protection filters automated traffic from queries of real users. Then all requests are classified as legitimate or illegitimate (i.e., from a real user or a bot). The technology then divides traffic from a single IP address. Suspicious visitors are checked unnoticed; an expanded inspection is conducted based on the analysis of behavioural factors. Finally, upon detection of a DDoS attack or an automated scanning threat, Active Bot Protection immediately blocks malicious traffic (response time less than 50ms, Variti says). Expo Stand | S4350 | variti.com
THE NEXT ISSUE OF CYBER SECURITY EUROPE 〉 〉 〉 〉 〉 Don’t miss the next issue of Cyber Security Europe: watch out for regular publishing updates on our website about new editorial content, news updates, forthcoming features, media opportunities, Tech Guide, and more.
66
DETAILS For more information please go to: | cseurope.info
SAVE THE DATE
CYBERSECURITY DOESN’T NEED MORE TOOLS. IT NEEDS NEW RULES. The new rules are changing the way we see security. Visit ibm.com/xforcectoc to find out how.