SPECIAL SUPPLEMENT BY VOLUME 0 3 | ISSUE 0 8 | MAY 2017 The recently announced partnership between Spire Solutions and Endgame beckons a new era in the continuous prevention and detection of zero days, ...... 20 THE GAME OF ENDING THREATS STRATEGICPARTNERSECURITY NATE FICK, CEO, ENDGAME
Unbridle your ingenuity with SonicWall. Innovation starts at SonicWall.com INNOVATE MORE.
• I GISEC GULF" INFORMATION M.c:uRIT'V liXPO Ii Cfl O(f 1 •
04 MAY 2017 YOUR INBOXES, SOCIAL MEDIA PAGE AND WHATSAPP MIGHT HAVE BEEN CLUTTERED with raging news and updates on the new lethal cyber espionage ‘Wanna Cry’ in the past one week. Suddenly, the world seemed to shake of dust from its security clothes and go all around with nonchalant security advises on one hand and passing around all kind of unseen, unsure security practices and Do’s and Don’t’s. The situation zeroes on one question— Was the attack really an unavoidable one? Or were we just unprepared? Quite a few analyst have underlined this fact that it was sheer luck that favored the attackers and there was no sophistication involved in it. Even the money that they made out of it was negligible. But the attack was strong enough to send tremors across the world and put many security standards to shame. It is a wake up call for not only the security vendors but also the entire partner ecosystem and the intricate awareness programs to come out of the bubble and take a trip to the basic security and regulatory standards of patching, upgrading systems, uprooting legacy protocols sitting on the network and having proper sandboxing techniques intact. It is once again that time of the yearThe GISEC/IoTX 2017 is all set to explore a connected future and innovative security solutions for that connected future. Threats can be kept at bay, it is only about vigilance. The various topics that would be discussed around smart cities and smart city security and other facets of data, cyber, national and IoT security will bring some new dimensions in the way we think and react to security. If you are vigilant, you don’t need to ‘cry’! ë EDITORIAL GLOBAL TOTIMEPREPAREDNESS—CYBERTOGOBACKTHEBASICS. PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC PO BOX : 500653, DUBAI, UAE 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE PHONE : +971 (0) 4368 8523 A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, @COPYRIGHTUAE 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN. PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE INFO MEDIA ANUSHREE DIXIT Assistant anushree@gecmediagroup.commEditor EXECUTIVE DIRECTOR: SANJIB MOHAPATRA MANAGING DIRECTOR: TUSHAR SAHOO GROUP EDITOR: SANJAY sanjay@gecmediagroup.comMOHAPATRA M: +971 555 119 432 ASSISTANT EDITOR: ANUSHREE RONAKSALESINFO@GECMEDIAGROUP.COMSUBSCRIPTIONSDESIGNER:LEADVISUALIZER:NIZAMUDDINBUSINESSREPORTER:anushree@gecmediagroup.comDIXITDIVSHABHATdivsha@gecmediagroup.comCONTENTDEVELOPER:AISHAKHANaisha@gecmediagroup.comMANASRANJANVISUALIZER:DPRCHOUDHARYAJAYARYAANDADVERTISINGSAMANTARAYronak@gecmediagroup.com M: + 971 555 120 490 SARAsara@gecmediagroup.comJASSIM M: + 973 66 707 505 KHYATIkhyati.mistry@gecmediagroup.comMISTRY M: + 971 556 557 191 SOCIAL MARKETING & DIGITAL RICHAPRODUCTIONYASOBANTCOMMUNICATIONMISHRAyasobant@gecmediagroup.com&CIRCULATIONSAMANTARAY + 971 529 943 982
COVER STORY CONTENTS The threat landscape in the Middle East is rapidly evolving and in this increasingly digital environment, organizations have to maintain a sharp focus on cost-effective and innovative ways to meet their complex IT demands. MANAGING SECURITY IN THE DIGITAL ERA14 CISO SPEAK IT’S ALL ‘SHARING’ABOUT 12 GUEST ARTICLE HOW PROTECTTO BOTNETFROMORGANIZATIONYOURTHENEXT 24 GUEST MIDDLESOLUTIONSTECHNOLOGYCYBER-SECURITYEND-TO-ENDARTICLEACROSSEAST 33 CISO SPEAK ALL HANDS ON SECURITY! 18 05MAY 2017
06 MAY 2017
Player 3 Has Entered the Game: Say Hello to ‘WannaCry’ EXPERTSSECURITYGLOBAL GISECCONVERGETOAT2017
RADWARE SIGNS BULWARK
Bulwark Technologies has expanded their security specialized product portfolio by signing a distribution agreement with Radware.Under the agreement, Bulwark will sell, implement and support Radware solutions through its wide network of channel partners in the region. Mr. Jose Thomas Menacherry, Managing Director, Bulwark Technologies says, “Bulwark is excited to work with Radware for application delivery solutions in the Middle East region and as a distributor partner we would be offering our value-added services such as pre-sales, channel enablement to integrate and instruct the channel to create the demand for the technology.” AS
Cyber security experts from across the region and globe will discuss, debate and highlight the latest smart cities technology and service innovations at the Gulf Information Security Expo and Conference which will run concurrently with the Internet of Things Expo from 21-23 May at Dubai World TradeGISECCentre.2017 will host more than 500 international delegates and 75-plus highprofile speakers from entities including GCHQ, the UK Government’s Communications Headquarters, the US Cyber Consequences Unit, HSBC, EasyJet, Wells Fargo and GSK among others. More than 6,000 visitors are expected across the three-day events.“AsDubai and regional cities pursue their ambitions to become smart cities that are more DWTC.&President,LohMirmand,greatereration,becomecybersecurityinterconnected,issueshaveacriticalconsid-whichrequirevigilance,”saidTrixieSeniorViceExhibitionsEventsManagement,
STREETCHANNELTECHNOLOGIES
MR.VADJOSE
Cisco Talos has observed WannaCry samples making use of DOUBLEPULSAR which is a persistent backdoor that is generally used to access and execute code on previously compromised systems. This allows for the installation and activation of additional software, such as malware. This backdoor is typically installed following successful exploitation of SMB vulnerabilities addressed as part of Microsoft Security Bulletin MS17-010. This backdoor is associated with an offensive exploitation framework that was released as part of the Shadow Brokers cache that was recently released to the public. Since its release it has been widely analyzed and studied by the security industry as well as on various underground hacking forums.. Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Talos will continue to actively monitor and analyze this situation for new developments and respond accordingly It is important to note that this is not a threat that simply scans internal ranges to identify where to spread, it is also capable of spreading based on vulnerabilities it finds in other externally facing hosts across the internet.
THOMAS MENACHERRY, MANAGING DIRECTOR, BULWARK
Introduce Integrated Partner Program MCAFEE SHOWCASES INCREASED COMMITMENT TO CYBER THREAT RESEARCHSTEVEGROBMAN, CHIEF TECHNOLOGY OFFICER FOR MCAFEE LLC
Symantec is bringing two separate partner programs into one rock-solid program designed to give partners more opportunity for growth and profitability. This spring, Symantec Secure One, will be even easier to navigate based on two competences – Core Security and Enterprise Security – for the combined enterprise portfolio. Partners will have a huge opportunity to cross-sell and up-sell, providing the mutual customers with leading solutions to solve the world’s biggest cyber security problems.
McAfee’s new investment will focus on investigations of the global threat landscape’s most sophisticated cyberwarfare and cybercrime campaigns. McAfee will also increase its engagement with law enforcement and academia, including coordinated efforts to take down criminal networks, develop new approaches to fighting cybercrime, and recruit more young people to join the ranks of cybersecurity professionals. As a proof point of this commitment, McAfee released evidence that a series of Shamoon malware campaigns targeting Saudi Arabia are the work of one coordinated force of attackers, rather than that of multiple independent renegade hacker groups.“Campaign investigations complete our triad of research capabilities focused on keeping the digital world safe,” said Steve Grobman, Chief Technology Officer for McAfee LLC. “McAfee is committed to bringing together world-class threat intelligence, vulnerability research, and investigative expertise to provide customers more insights into how specific malicious actors develop and wage cyber-attacks.”
08 MAY 2017
EHOSTING DEFENSELAUNCHESDATAFORTCYBERCENTRESymantec to
eHosting DataFort launched its Cyber Defense Centre in Dubai Internet City. The CDC comes at a crucial time when organizations in the Middle East are faced with advanced and persistent security”eHDF’sthreats.CDC deploys advanced security intelligence and automation tools to help identify threats more quickly and with greater accuracy and precision. Our CDC teams deliver threat hunting services using a combination of Threat Intelligence and end point technologies that allow us to detect more complex threats that may be dormant in a customer’s environment,” said, Yasser Zeineldin, CEO, eHosting DataFort. The CDC services assist customers in the complete security lifecycle, which starts with log collection, network access control, advanced sandboxing, remediation and incident response. Incident management offers a single dashboard of a customer’s security posture, attacks, and incidents. In addition, the unique OPEX based approach allows eHDF to pass on tangible cost benefits to customers planning to enhance their security posture. Replacing the need for capital investments, through eHDF’s, OPEX model, customers eliminate the need for lengthy evaluation and procurement cycles and enjoy ongoing flexible monthly based payment plans.
Other key initiatives include transitioning Opportunity Registration to a front-end discount only, which ensures that the financials of doing business with Symantec will be more predictable moving forward. Symantec is also creating new opportunities to earn with a Platinum Performance Rebate, Renewal Incumbency and by enabling partners to submit an unlimited number of activity proposals for Symantec Partner Development Funds. With a $30 billion dollar opportunity in cyber security, Symantec will see massive growth potential in the industry this year.
Another key component of the CDC is to focus on customers having distributed workloads which could be hosted either on premise, Public Cloud or a locally hosted Data Centre. In these situations, we are able to provide customers with end-to-end visibility of their infrastructure and protection of their information assets regardless of their location. The CDC offers the SIEM platform on a pay-as-you-goservice model, for companies who have not invested on this technology. Simultaneously, for customers who have already invested in SIEM, eHDF provides on-premise Remote Monitoring Security Services.
99% of ransomware starts with phishing emails. No problem, employees don’t click those. Take back control and make email safer for business Stop Malicious targeted email attacks with Mimecast Targeted Threat Protection. A cloud solution that: • Protects from Malicious URL’s • Protects against Social Engineering and impersonation attacks • Provides layered defence from malicious email attachments • Protects from internal email threats .com www.mimecast.com
LogRhythm’s approach to TLM connects people and processes across the security operations organization with the ultimate goal of & A
WORKSHOPSTRANSFORMATIONSTOCOLLABORATEADSICHOSTDIGITAL LOGRHYTHM NAMED
Institute on IT security infrastructure found that 40% of UAE based respondents said their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information. Nearly 79% of business respondents said that some of their existing security solutions are outdated and inadequate.
LogRhythm said that Forrester Research, Inc. named it a Leader in The Forrester Wave: Security Analytics Platforms, Q1 2017 report. The study evaluated 11 vendors based on 36 criteria, including current offering, strategy and market presence.LogRhythm’s Threat Lifecycle Management Platform delivers a collection of aligned security operations capabilities that deliver deep and broad visibility across the distributed information technology environment and enable organizations around the globe to rapidly detect, neutralize and recover from security incidents.
10 MAY 2017
KAMEL HEUS REGIONAL MANAGER MEA- CENTRIFY CHRIS PETERSEN, CHIEF TECHNOLOGY OFFICER, SENIOR VICE PRESIDENT OF R&D AND CO-FOUNDER AT LOGRHYTHM
The Internet’s global reach, ease of access, apparent anonymous communication and virtually unregulated environment are readily exploited by criminals and can make it harder and more time consuming for law enforcement to identify suspects of cyber crime.Trovicor solutions perform advanced data generation, fusion, analysis and visualisation, dramatically speeding up criminal investigations and transforming traces extracted from electronic communication, transactions and interactions into reliable actionable intelligence. Trovicor help law enforcement to detect corruption, by facilitating an investigation to monitor and analyse mass amounts of data, uncover suspicious communication patterns and identify the suspects involved. Through analysing any text based data including emails, IP traffic metadata, SMS, website content, law enforcement are able to collect vital evidence and build up detailed profiles of the suspects required for use in court in order to bring them to justice.
“We anticipate that our commitment to innovation and customer success will continue to sustain us a leader in powering next generation SOCs” said Chris Petersen, CTO, SVP of R&D and Co-Founder at LogRhythm. “
CRIMINALS BY THECENTRIFYCOLLAR IMPLEMENTS PIM BEST PRACTICES TO COMBAT RISK OF BREACH
Arthur Dell, Director, Technology Services, MEA, Citrix said,”The UAE’s constantly evolving cybersecurity threat landscape requires a new, more flexible IT security framework - one that extends beyond traditional fixed end-point security approaches to deliver threat detection and protection of apps and data at all stages. Citrix is committed to delivering robust solutions that are designed with data security in mind.”
LEADER IN SECURITY ANA LYTICSTROVICORPLATFORMSTAKES
Centrify is making significant enhancements to its best-in-class privileged identity management (PIM) solution to stop breaches that abuse privilege. By minimizing the attack surface and controlling privileged access to the hybrid enterprise, Centrify’s new capabilities enable organizations to move from static, long-lived privilege assignments to a just-in-time model where advanced monitoring detects and alerts in real-time on the creation of backdoor accounts that make it easy to bypass a password vault. Securing privileged access in today’s hybrid enterprise is mandatory in achieving a mature risk posture. According to the The Forrester Wave: Privileged Identity Management, Q3 2016, 80 percent of breaches leverage privileged credentials to gain access to the organization.
The LogRhythm TLM Platform combines leading-edge big data technology and machine learning to deliver next-gen security information and event management, log management, endpoint monitoring, Network Behavior Analytics, User Entity and Behavior Analytics, and Security Automation and orchestration capabilities in a single end-to-end platform.
MICROSOFT
CYBER reducing the mean-time-to-detect and the meantime-to-respond to cyberthreats while keeping staffing levels flat.
Synchronized Security A revolution in threat protection It´s time your security solutions started talking. Visit Sophos at B-100, Hall ZABS in GISEC 2017 21st to 23rd May Synchronized Security is a best of breed security system where integrated products dynamically share threat, health, and security information to deliver faster, better protection against advanced threats.
IT’S ALL ABOUT ‘SHARING’
HASAN ISAM NASER, CISO SHURA COUNCIL, BAHRAIN
CISO SPEAK 12 MAY 2017
“The skill shortage in organizations is one of the biggest reasons in lack of security awareness. The worst part is that people who are not skilled will not admit it.”
In today’s world, what all does an organization need to be secure? Believe me you can be secure with excel only. You don’t need to buy latest firewall, hardware, security features, you can be secure organizations using word and excel. Simply you need to increase the awareness among employees. And when I say increase awareness, I don’t mean just send an e-mail to them. Bring them into a class, force them to stay after working hours and say I want to teach you awareness.Theeasiest thing to be done to social engineer you on people. I will simply do one thing. I will send a fake attack. I will play a game with my management and I will send phishing attack or fake attachment and see how many people will open it, how many people will install this software, how many people will click on the link. This is the only way you can find and you will not believe that top managements, sometimes are weaker than the lowest employees. Everyone is respected in his own position. But sometimes the top management, they tend to ignore awareness, they tend to ignore anyone who want to speak with them, teach them about technology, about security. When you are speaking with a COO of a big organization, even verbal communication can be dangerous. He can reveal information without knowing. Now, when I am speaking with you, unconsciously, I will be speaking about things which I shouldn’t be speaking but I am paying attention to what I am saying. Awareness is the first need to be done and ensure that you are maintaining compliance with the organization. I will not speak about standards, I will not speak about best practices, I can’t bring those anytime. Is end to end security a possibility? Never. You hear a lot about viruses, malwares, adware’s, etc. Believe me, this year is causing millions of attacks, millions of dollars to be lost and stolen. There is something called file less. So, now how does an antivirus work? The antivirus will scan the files to see if there is a foreign object or software. How can you scan this, how can you avoid such attacks? The attackers are always one step ahead. Today, I was reading an article about 800 million stolen from ATM’s using file less attacks. They get the ATM infected, steal the money and when the experts investigate, there is nothing to be investigated. With file less, remove the power and everything is gone. There is no power, there is no data. This is the latest type of attacks, file less attacks. How can you avoid this? You need awareness. You being a CISO, what would be your one recommendation to your regional colleagues? I would say, simply share information. Most of the organizations, banks and big companies are scared of revealing that they have been attacked. Its normal. Getting attacked means you are successful. If organizations share information about security attacks, about how they are dealing with attacks, others can think of precautions. Or if they have been attacked, they can learn from others how to fix it, how to avoid it. Everyone is buying new technology, spending money, losing money because I do not want to admit that I have a problem. If I have a weakness, I got attacked, I don’t know how to fix it, that is normal. I cannot be the superman who knows everything about technology. So, we both studied a book and then we share our learning key points. Most probably you have something I don’t have and I have something you don’t. Mixing these points will come up with bigger understanding of this book. This is my idea. Share. If it is government, banking or
THE NEXUS OF GCC COUNTRIES FOR FUTURE ECONOMY Unveiling the investments, roadmap, technolgies and key infrastructure pillars that put GCC on the map of global competitiveness www. gec360.org ORGANISED BY DEC 2017 FORUM 2017 CRITICALTHE INFRASTRUCTURE BROUGHT BY
The threat landscape in the Middle East is rapidly evolving and in this increasingly digital environment, organizations have to maintain a sharp focus on costeffective and innovative ways to meet their complex IT demands.
THE RISING NEED FOR MSS Today, due to the activity of cybercriminals, the number of attacks is growing and the operating tools and methods are constantly evolving. IT security has become a power weapon as cyberat-
Managed Security Service Provider observe the growing need to combat complicated attacks. Every organization must assume it has been targeted and deploy the right resources to secure their network from increasingly sophisticated cyber-threats. Starting from the most senior level, businesses must make cyber security a business process, and deploy cyber security solutions that cover the entire attack continuum – before, during, and after a cyber-attack.
n BY: DIVSHA BHAT <DIVSHA@GECMEDIAGROUP.COM> n PHOTO: SHUTTERSTOCK DIGITAL ERA MANAGING SECURITY IN THE COVERSTORY
14 MAY 2017
YOUHELPCANMSSP’SGOOD n Maximize your ability to block threats n Identify threats before a breach occurs n Reduce costs n Keep you protected all-round the year n Remove complexity from security operations
“IT Security can’t be a fit it and forget it solution. The paradigms of what is safe and what is not changes every day, so organizations must formulate a foundation of security practices and then upgrade it all the time.
Enterprises are beginning to migrate to these top-level managed security services. This transition will accelerate over the course of the year, preparing the overall market to shift towards next-generation solutions within the next few years” said Yasser Zeineldin, CEO, eHostingDataFort.
FUELLING THE GROWTH OF MSS Researchers agree that the industry of managed security services will continue to grow further. Managed Security Services Market Report, published by Allied Market Research, forecasts that the global market is expected to
tacks have become highly sophisticated. It is important for organizations to make the right investments and have the right approach in place to segregate valuable network resources.
15MAY 2017
SERGEY OZHEGOV, CHIEF EXECUTIVE OFFICER, SEARCHINFORM. YASSER ZEINELDIN, CEO, EHOSTING DATA FORT “MSS help to reduce the costs associated with building its own security infrastructure and related operating costs, such as hiring and training staff, purchasing and updating software” “The rise in cybercrimes and threats, rising need of meeting compliance, and data protection laws are contributing towards the growth of the MSS market in the region” TOP TRENDS OF MANAGED SECURITY SERVICES 2017 drivenIntelligencesecurity Cloud Opportunities and Cloud BecomeCustomer’sSecurityNeedsWillFirstPriorityForMSP’sTheInternetofThingswillcontinuetogrowNewtechnologyadvancements 16 MAY 2017
SCOTT MANSON, CYBER SECURITY LEADER FOR MIDDLE EAST AND TURKEY, CISCO
An MSSP can help in many ways and can be a benefit to an organization. With an MSSP, expanding the security capabilities is easy.A good Managed Security Service Provider tries to meet the challenge to include the right technology while also enabling the cost savings by reducing capital expenditure, staffing and training needs. A MSSP aides in troubleshooting for very critical issues. Troubleshooting is often both urgent and time-consuming. A MSSP can relieve this sudden rush of work and communicate with internal staff as needed to an appropriate resolution. A MSSP can provide 24x7x365 coverage. A good MSSP will have sufficient resources to provide remote management and monitoring. This can translate into handling your needs around the clock.
Among various data security applications, endpoint security application would grow at the fastest CAGR of 24.5% during 2014-2020.
“We believe that to defend against advanced attacks and thrive in today’s digital world, we need more effective security. Security that is simple, open, and automated” than variable capital expenses. Hence, they are looking for cost-effective solutions that provide round-the-clock security, and Managed Security Services perfectly fits the bill” added Yasser.
To fight the current challenges in cyber security, an organization needs advanced knowledge. Managed Security Service Providers can provide that support to help the cyber security talent shortage. The high cost of qualified info-security specialists, as well as their shortage around the world, has led to the situation where more companies are using Managed Security Services.
“With the shortage of cybersecurity talent in the region and the rapid evolution of the threat landscape, many organizations are seeking solutions that provide necessary expertiseand serve as predictable operating expenses, rather
“I think the main thing that should characterise MSPs is an impeccable reputation, competent staff, and the latest, most effective tools for protecting customer information.It’s simple.
DO I NEED A MSSP?
COST AND SHORTAGE OF SECURITY TALENT
17MAY 2017
“We’re living in a world that’s more interconnected and mobile than ever before, and in many ways more individualized. People work from many locations, not just the office, and they’re using the devices they choose. An employee could be using a tablet on an airport’s public Wi-Fi network, a laptop on a customer’s network, or a smartphone outdoors. These changes are making the network more complex, and opening the door to new threats and attacks” said Scott Manson, Cyber Security Leader for Middle East & Turkey, Cisco.
Reputation is a must-have virtue for such companies, as all customer relations are built on that. Naturally, reputation is the main risk of an MSP company, as well as its main asset.The newest technology and high efficiency are the reasons why customers work MSS companies, instead of expanding their own info-security departments” said Sergey Ozhegov, Chief Executive Officer, SearchInform FINALLY Managed security service providers offer a strong option for IT security personnelwho are looking for new solutions to their cyber security risks. More and more organizations are realizing that outsourcing IT is the best. The organizations are doing this not just to reduce expenditure but they see MSSP as a true service. They are opting for Managed Services to eliminate the risk, to support compliance and to adapt to cloud services. ë garner $40.97 billion by 2022, registering a CAGR of 16.6% during the period 2016-2022. Digital transformation from the Internet of Things edge to the cloud is increasing the complexity enterprise networks and expanding the attack surface as the traditional perimeter disappears in the next wave of distributed network segmentation and virtualization. The managed security services market focuses on various applications which include managed IPS/IDS, DDoS, firewall management, endpoint security and others.
“Although there’s no quick fix for the skills shortage, the reach of the existing pool of skills can be extended through managed security services. Many organizations used to think they needed to hire staff for cybersecurity, but what’s beginning to happen now is that security is starting to be outsourced to managed security providers. Clients typically want the provider to be a force multiplier for their workforce by adding eyes on screen to look at security data” said Scott.
n Certified by globally accepted accreditations that acknowledge his \ her experience and demonstrate his practicum in various security domains, risk management, security management, etc.
HEAD OF INFORMATION SECURITY INCIDENT MANAGEMENT (DFIR) AT BANQUE SAUDI FRANSI
Totally agree on all spectrums. Cyber space or our connected world was built to link us but security was not a consideration at that time. Security can’t be a one-man-show where a magical move makes everything better and charming. It’s more of an ongoing process of tireless efforts striving to minimize risks to lowest acceptable \ manageable level. Hence, everyone’s hand is required.
n Today’s CISO should have come from a technical background, i.e. did some hands-on in a certain point of his career as this will allow him to understand current technologies and how could they properly fit in his \ her vision.
CISO SPEAK 18 MAY 2017 ALL HANDS ON SECURITY!
How has the role of a CISO evolved over the recent times?
n
The classic role for CISO is a Security Manager (IT, or Systems in general), looking after security controls deployments, bridging gaps with IT, and strengthening systems resilience. Then, there was a shift towards information where security teams became Information-Security-Centric. This allowed CISOs to come closer to the meaningful information and how to secure it, at any tier of the famous triad of people, process and technology. Eventually, now, CISOs are more of business-centric, business-enablers, and indeed business-drivers. They meet with business lines more than they do with systems admins, DBAs and network engineers. They believe in securing holistically, not micro-focused.They are not fire fighters in terms of finding bugs and applying mitigations but rather risk postures’ driven, sailing conscientiously to maintain an all-time acceptable risk exposure.
ALMOZAIYN,MOHAMMED
The grave concern is not the shortage on its own but rather the solutions to address it.
Tactical steps like insourcing \ outsourcing some cyber security functions for example, may slightly improve the situation but will expose to possible further risks like compliance and regulatory requirements, insider threat, and lack of unified standard. On the other side, strategic programs proved itself effective. We need to see more academic degrees by sound technical colleges and universities, hands-on training offerings organized in the region, reputable conferences with practical workshops, and finally talent acquisition and, perhaps more importantly, talent retention programs.
Knowing and speaking the risk language; clearly stepping away from “technology is the solution” to “effective risk management is a key step forward”.
How grave is the skill shortage problem in the region? The cyber security skill shortage had always been there and would always stay there with varying ratio, influenced situationally. It’s not an unavoidable fact that is part of our everyday business and we need to deal with it to mitigate its resulted risk.
Business exposure, like having MBA or business executive training, or having a previous exposure to business operations in terms of assessments and security reviews.
How should a CISO resume look like for 2017? To make it short and practical, I can think of five criteria:
Security can’t be a one-man-show where a magical move makes everything better and charming. It’s more of an ongoing process of tireless efforts striving to minimize risks to lowest acceptable \ manageable level. Hence, everyone’s hand is required.
n
n Rich, I mean very rich, in soft skills such as stress management, time management, conflict management, effective negotiation, effective communication, and emotional intelligence. ë
Security is a ‘Shared responsibility’. What is your point of view in this?
OFTHEENDINGGAMETHREATS
The recently announced partnership between Spire Solutions and Endgame beckons a new era in the continuous prevention and detection of zero days, malwareless attacks, and ransomware in time to stop information theft. According to the Endgame gospel, when defensive technologies kneel down before the modern sophisticated attacks, it becomes a mandate to disrupt the attack lifecycle before the Indamage.conversation with Nate Fick, CEO, Endgame.
Tell us about Endgame and your competitive edge as a unique EDR solution provider?
PHOTO: SHUTTERSTOCK
Based upon some of your case studies, how were you able to detect ransomware that bypassed defensive security solutions? Using Endgame, a large educational institution with over 1 million devices detected and stopped ransomware before damage or loss of critical assets. The ransomware attack included a method called persistence, which is a technique that bypasses signature-based defenses and allows attackers to maintain access to a system even after a system reboot.
Endgame stops targeted attacks that bypass enterprise defenses, such as the recent Shamoon or Dridex attacks. We stop these attacks with a single agent that replaces all other host defense agents. Unlike other solutions, Endgame stops all attack types before data damage or theft, eliminating costly IR and forensic retainers.
Endgame’s platform operates under the premise that enterprises are under a constant state of breach, and as a result, they need security products that anticipate and evict attackers before damage and loss of critical assets. Our endpoint detection and response platform monitors activity throughout the cyber attack lifecycle to prevent compromise from advanced attacks, detect ongoing or resident attacks, and automate the hunt for the next generation of attacks - all with a single, unified agent. Our stealth sensors operate on hundreds of thousands of endpoints to continuously monitor and alert for malicious activity so that attacks are stopped at the earliest possible moment. Endgame allows security analysts - regardless of experience, to easily understand and remediate threats without disrupting normal business operations.
To give some interesting piece to the readers, take us through your detection and response pattern. How do you smell the threat, how do you go behind the burglar and how do you grab him by the collar?
n BY: ANUSHREE DIXIT <ANUSHREE@GECMEDIAGROUP.COM>
n
Taking a quote from your website, ‘To prove everyday by stopping breaches that Endgame is the only endpoint security product our customers will ever need’. What is the claim behind this statement? This quote is our vision statement, or the potential that we aspire to attain as a company in the future. The statement expresses our commitment to customers that we will work tirelessly to challenge the status quo of what makes a good security product - so that we will be the only security product that our customers ever need.
NATE FICK, CEO, ENDGAME
Endgame MalwareScore stops 99% of malware and malwareless attacks, including powershell and malicious macros
The ransomware attack included a method called persistence Bypasses signature-based defenses and allows attackers to maintain access to a system even after a system reboot. thatgeneratedmalwaresignature-lessEndgame’sengineahighconfidencealertthesystemwasinfected The businessdisruptinghiddenremediatedanalystsecurityimmediatelythethreatwithoutnormaloperations.
Endgame’s malware detection capability achieved a 100% efficacy rating with no false positives during an indepen dent evaluation with SE Labs.
TRADITIONAL SECURITY
ENDGAME VS SOLUTIONS
22 MAY 2017
Using Endgame, a large educational institution with over 1 million devices detected and stopped ransomware before damage or loss of critical assets.
Endgame reduces the time, cost and complexity of traditional incident response by instantly detecting techniques and patterns used by ransomware and memory resident malware at the earliest and all phases of the attack lifecycle, without indicators of compromise.
Endgame stops advanced attacks across 50,000 endpoints in less than 5 minutes, with the people you already have 99%100%50,000 SUCCESSFUL IMPLEMENTATION
the time, cost and complexity of traditional incident response by instantly detecting If you could give some statistics, how is Endgame solutions superior or competent to traditional security solutions?
In the short time since we announced our partnership with Spire, we’ve experienced a tremendous increase in interest in Endgame from the Middle East. Spire adds value for Endgame in the following ways (1) a presence on the ground in the region (2) access to a large market, and (3) a roster of professionals who are experts on security and Endgame’s advantages who can help customers install, deploy, and manage the software.
How has Spire helped you in having a wide footprint in the Middle East market?
One of the things we noticed as soon as we began working with Spire is that they have very strong relationships with their clients. Clients trust Spire staff, and trust is the basis of all relationships. Spire’s success across the region is a testament to the professionalism and expertise at which they conduct themselves. It’s clear that clients see Spire as a trusted advisor, which is crucial for Endgame to achieve a wide footprint in the Middle East. ‘Security is a shared responsibility’— How well do you gel with this idea? We firmly believe in a shared responsibility when it comes to tackling advanced threats. Cybersecurity is - and will be - one of the largest challenges of our time, and it takes a community of professionals working together sharing successes that better optimize people, process, and technology in order to address the magnitude of this threat.
A recent report calculated that the addressable cybersecurity market in the Middle East will top $22 billion by 2022. The threat landscape in the Middle East is ripe for innovation and a security solution addresses three pain points: speed, simplicity, and scale. For speed, we mean stopping advanced attacks before damage and loss of critical assets; simplicity: to stop these attacks with the people and resources you already have, and scale: across all enterprise endpoints.
n Endgame stops advanced attacks across 50,000 endpoints in less than 5 minutes, with the people you already have n Endgame’s malware detection capability achieved a 100% efficacy rating with no false positives during an independent evaluation with SE Labs.
23MAY 2017
n Endgame MalwareScore stops 99% of malware and malwareless attacks, including powershell and malicious macros
As a testament to our commitment to this responsibility, Endgame recently joined the Anti-Malware Testing Organization (AMTSO) to develop scientifically objective and statistically significant third-party testing for next-gen security products. ë
Tell us about your partnership with Spire Solutions? How have they enhanced your portfolio and added value to it? And which are the markets that Spire takes you to?
In your white paper titled ‘Hunting with Prevention’ (SANS Institute) you had mentioned about looking beyond events and actions as a part of the bigger cyber kill chain. How grave is this kill chain? The kill chain, otherwise known as the attack lifecycle, is a widely used term in the security community to describe the different stages that an attacker must go through to access and steal information from an Endgame’sorganization.platformprevents or detects all attacks across the kill chain at the earliest possible moment before damage or loss of critical assets occurs.
How do you perceive the threat landscape of the Middle East region?
Endgame’s signature-less malware engine generated a high confidence alert that the system was infected, allowing the security analyst to immediately remediate the hidden threat without disrupting normal businessEndgameoperations.reduces
n Use a password manager if necessary and change the default passwords for all the network devices and ensure that the new password is a unique and complex
Best way to protect your organization and home
n Do not enable UPnP on your firewall or router. This protocol enables devices to open ports on your firewall on demand without your knowledge increasing your surface area of attack.
24 MAY 2017
PROTECT YOUR ORGANIZATION
ARTICLEGUEST
n Email attachments - Malware is often delivered as an email attachment as part of a spam or phishing campaign that attempts to have the user execute the attachment to kick off the initial exploit n Web sites - Compromised websites often contain malware that can be silently executed by the browser, kicking off a chain of events that HOW TO FROM THE NEXT BOTNET
It is now time to learn to thrive in a world with an ever-increasing threat of cyber risks as cybercriminals are now armed with an unprecedented amount of computing power that can have a devastating effect when brought to bear. 2016’s Mirai botnet was the largest attack to-date, taking down several flagship websites such asTwitter, CNN, Netflix and significant parts of the internet forBotnetshours. are covert armies of compromised networked computers and devices (bots) that have been subverted by malware to enable remote control by a cybercriminal. They are bred and nurtured by hackers to provide a powerful, dark cloud computing network used to conduct cybercrime attacks. Botnets are now integrating multiple backup forms of command and control but it is simple to ensure your computers and devices aren’t part of the next Botnet attack. In order to avoid being a part of these attacks, it is important to know how to identify bots operating in the network and how to clean them up before they become part of the next cyberattack. Botnets enter your network through one or few conventional means.
HARISH CHIB, VICE PRESIDENT MIDDLE EAST & AFRICA, SOPHOS ends up exploiting a vulnerability on the system and infecting it n Remote access - IoT devices that are exposed to the internet, allowing direct login access with factory credentials, are the worst offenders, but hackers are not beneath brute force password hacking or exploiting known vulnerabilities in web interfaces to gain control of a device. n USB sticks - While this infection technique is now almost legendary, there’s still a clear and present danger that a user will foolishly plugin a USB device of unknown origin into their computer to see what it contains, only to introduce malware onto their system
n In order to manage devices remotely, secure VPN technology must be used. ë
IoT devices are easy-to-use, affordable and enable a whole new level of control and efficiency in managing our world. With everything being interconnected, hackers are continually looking to exploit new systems into their botnets and hence security should be a top priority as these devices can be easily hijacked
n Avoid IoT devices that require ports opened in your Firewall or router to provide remote access. Instead, use cloud-based devices that connect only to the cloud provider’s servers and don’t offer any direct remote access.
The growing popularity of the “Internet of Things” (IoT) makes the threat landscape a moving target. Cybercriminals have started targeting all businesses, large medium and small.
We cannot completely stop the spread and creation of botnets, it is too profitable a business. But we can protect our networks with strong network security tools such as Advanced Threat Protection as it can identify botnets that are already operating on your network, Intrusion preventionas it can detect hackers attempting to breach your network resources, Advanced sandboxing which is used to identify suspicious web or email files and detonate them in a safe sandbox environment to determine their behavior before allowing them into your network andWeb and email protection which prevents botnet recruiting malware from getting onto your network.
n Update your devices regularly and reduce the use of IoT devices. Ensure that the older devices are upgraded to new and more secure models.
26 MAY 2017
l
l
l Periodically check financial accounts/personal accounts.
l E-mails that say you have won a contest that you haven’t entered. The E-mail that asks for money to cover up expenses or a donation. Ways to prevent Phishing
Phishing in News March 2017 - Los Alamos County reported that its email system was attacked by an apparent phishing scam and has turned the incident over to law enforcement.The incident affected at least one public works employee. The country’s e-mail system is hosted as a cloud-based system. The county uses multiple layers of anti-virus and anti-malware protections.
The links contain a misleading domain name of a fake website. The senders e-mail address does not match to that of the organization.
2016 – Safeena Phishing Attack - A seemingly friendly e-mail popped up in the mailboxes of a number of human rights activists, union leaders and journalists. The sender, who called herself Safeena Malik, introduced herself as a keen human rights activist. She told them she wanted to start a dialog with them, in order to discuss upcoming campaigns. It was only later that the recipients realized that they had apparently fallen victim to a so-called “phishing” attack, i.e. someone making digital contact under a false identity with a view to accessing the recipient’s personal data. All of those targeted had one thing in common: They were campaigning on issues relating to migrant workers in Nepal and Qatar.
February 2017 – The Duluth school district was the victim of a phishing scam resulting in the loss of email communication for part of the day.An employee’s name was used with the Dropbox file hosting service to get users to click on something that spread malicious emails. The District shut down the server to address the problem.
l Never share personal or financial information with the recipient.
Nearly everyone with an E-mail account must have received a phishing message to their inbox. To get your attention, phishing attacks use format ting and appearance of authorized enterprises to look like e-mails from banks, credit card companies. For example, criminals will send emails with subject like: “You won a $500 Million” or “Verify your account” to lure people to fake web sites that look similar to real sites of the organization they are impersonating. Thinking that they are on the organization’s webpage, people may enter in their personal username and passwords, unknowingly divulging their private information to the criminals. Government and Banking websites are the most frequently impersonated websites. How to identify Phishing?
l Always protect your computer with updated firewall or anti-virus.
l Do not click or download unknown files or links.
27MAY 2017 PHISHING
l
The E-mail which requests for personal information like credit card details/ account password E-mail messages which start with ‘Dear Customer’ instead of the user’s name.
l
Phishing is an online scam where cyber criminals send fraudulent emails that appears to be from some authorized enterprises askingyou to provide private information like credit card numbers, personal username and passwords, etc. This is usually done by including a link that usually directs to a hoax website or otherwise gets to divulge your information. The website is a spoof and the information you provide goes to the perpetrators and they then use this private information to commit identity theft.
What is Phishing?
l Be suspicious of e-mail that ask for sensitive information.
As of recently, not only has the number of brick and mortar shops that are developing an online presence increased profusely, but also the number of people who shop online.
The estimated global online retail sales for the year 2016 is a whopping $1.9 trillion, making up about 7.4% of total retail sales. According to UNCTAD’s B2C E-commerce Index 2016, Luxembourg is leading at 1stplace, followed by Iceland, Norway, Canada, and Japan, respectively. Furthermore, Saudi Arabia is ranked 56thon the index with an e-commerce index value score of 52.2. This score is based on various factors including: share of individuals using the Internet, share of individuals with credit cards, secure internet servers per 1 million people, and UPU postal reliabilityscore. Zeroing in on the Middle East, the online craze is very prominent. With a $5.3 billion e-Commerce market, the ME is expected to be a larger player in online retails as the years progress. According to a recent survey conducted by PwC, 72% of ME consumers made their first online purchase in the past two years. In contrast to the rest of the world, not all shoppers prefer using a debit or credit card to shop online in the ME. This fact is apparent as 85% of ME online consumers prefer to pay cash on delivery rather than use a credit or debit card, even though the majority of online shoppers in the ME are 26-35 year-olds who are capable of owning such cards. On the other hand, the motivating factors of ME online shoppers are similar to those mentioned before; moreover, 39% agree that the ability to purchase items which are not available locally and free shipping are major influencers.
What is the ME buying? In the UAE, 43% of online purchases made is on travel and transportation and 40% is on apparel. Jewelry and watches are at a high 33%, which is no surprise due to the ME’s preference to luxury. Broadly speaking, according to a survey conducted by PwC, the top products being bought online in the ME are airline tickets, hotel reservations, event tickets, electronics, books, apparel, and video games. Furthermore, in Saudi Arabia, Kuwait, and Egypt, the number of male online consumers outweighs the number of female consumers; on the other hand, in UAE, it is almost equal. This, however, could be due to the influence of culture: women in the ME are more likely to use their male family member’s card or information when making a purchase.
ESTAWTHIG TEAM
EXPERTBYLINE 28 MAY 2017
SECURE ONLINE SHOPPING
In total there are 2.4 million online buyers in Kuwait, 6.8 million in UAE, 10.6 million in KSA, and 15.2 million in Egypt (with a population of 4,159,582; 9,439,250; 32,542,392; and 94,178,934 respectively). Seeing as Kuwait is the hub of e-Commerce in the ME, it isn’t a surprise that about half of its population is onlineconsumers.Thetopshopping websites in the UAE, Kuwait, and Egypt are Souq and Amazon.
Technology is automating everything around us, from the simplest of tasks to the most complicated. Nowadays, it is also taking over entertainment and normal everyday errands, such as shopping. As a form of e-commerce, online shopping allows individuals to buy products or services from across the world over the Internet from the comfort of their home or on their way to work. Being in the 21stcentury, there are many means to shop online: mobile, tablet, laptop, etc. According to Khaled Saleh, CEO of the leading provider of website conversion optimization intelligence Invesp, on a global scale 53.9% of consumers lean towards smartphones to browse online stores, but 76.9% of consumers switch to their laptops or desktops to continue with online payment. Online shopping has affected both business and customers.
Atheer Almogbil, Abeer AlSumait, Mada AlHaidary, Hind Alajlan, and Hani Alzaid. Proving to be the favored shopping website, Souq.com is the leading and largest online shopping website in the ME. However, in Saudi Arabia, the leading online shopping website is Haraj.com, which is the 13thmost visited website in KSA, as stated by Alexa InternetInc. As online purchases are predicted to increase drastically in the coming years, ME consumers should get on board with making online payments.Takinga closer look at the Kingdom of Saudi Arabia, which has the highest amount of debit and credit cards circulating in the Arab world, it’s shocking to know that AT Kearney states that only 33% of online purchases are paid using a credit card. Nevertheless, this could be due to doubts consumers have regarding payment security, authenticity of the website, and quality of the product. This is proven by the fact that 40% of Middle Eastern online consumers have concerns regarding the security of their online transactions, and the same percentage of online consumers in the MENA region have experienced online fraud or theft, as stated in AT Kearney’s “Getting in on the GCC E-Commerce Game”. Additionally, an individual’s lack of knowledge regarding their rights as a consumer, the return policy, or purchasing procedures can also affect his or her tendency to pay using a credit card. Not all consumers in the MENA region are fluent in the English language. Subsequently, consumers fail to go through the hectic process of filling out the payment form due to the form being inEnglish.
•
•
HANI ALZAID,MOHAMMED PHD NATIONAL
29MAY 2017 the ministries and associations responsible for commerce and consumer protection should introduce these measures. The challenges that should be addressed include but are not limited to an e-commerce law dictating consumers’ rights, businesses’ rights, and penalties for dismissing such rights. Also, secure online payment methods and policies, criteria to validate e-commerce websites, and tips on how to ensure the authenticity of an online seller should be introduced to the public to raise awareness. Individuals will feel safer knowing that there are laws to protect them from fraud or identity theft and actions that they can take to protect themselves from cyber crime. Hopefully, the mere 33% of KSA online consumers that choose to pay using a credit card will slowly but increase over the coming years. This, in turn, may also increase the number of online consumers in Saudi Arabia. In the meantime, here are a few tips to ensure a secure online purchase: 1. Check your web connection: 2. Make sure you are on the right page: 3. Read about the website and its return policy: 4. Beware of deceptive advertising: 5. Check your privacy policy: 6. Create an email just for shopping: 7. Create a strong password: 8. Use secure payment services: 9. Check your bank statements: 10. Browse from a secure network 11. Take advantage of e-commerce applications:12.Beware of viruses:
•
FOR TECHNOLOGIESCYBERSECURITY
Therefore, certain measures should be taken to encourage KSA online consumers’ comfort in partaking in online purchases. Consequently, CENTER
Why do consumers prefer online shopping?
•
Unfortunately, a majority of e-commerce websites do not offer the “Payment on Delivery” option that most ME consumers prefer.
•
•
Well, a recent survey conducted by PWC shows that convenience is the main factor. Globally, 47% said that convenience played a greater role than price. However, when con venience is taken out of the equation, 60% of the global sample said that price was a major influence. Some other reasons for shopping online rather than in-store are: Items are usually instock. The website is easy touse. Ability to view customerreviews. A great loyaltyprogram. Fast and reliabledelivery. Ability to find products not available in the country orcity.
Enterprises are transforming their security spending strategy in 2017, shifting from prevention-only approaches to focus more on detection and response, according to Gartner, Inc. Worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016 and to top $113 billion by 2020. Spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020. The Internet of things has become the Internet of threats for security companies. Cyber security is the hot topic in the defence industry, with sales on the rise. Defence firms are expanding into this area as its the top priority for many governments around the world. Most importantly defence budgets have increased in the Middle East to include cyber security as cyber-attacks targeted national energy companies in the Middle East last year. Hence, IT security spending in the MENA region is estimated to reach $155.8 billion in 2017, a 2.4% increase from 2016. Verticals driving this spending will be media, communications, banking and securities and manufacturing.
JENS CHRISTIAN HOY MONRAD, SENIOR INTELLIGENCE ANALYST, FIREEYE. UAE is currently the target of five percent of the world’s cyber-attacks, with the financial services industry the worst affected. In this growing digital world, data privacy and its protection is most crucial for businesses. “As the threat has grown we have seen more investment by regional businesses to protect themselves from cyber-attack, but there needs to be more investment in threat intelligence
WARREN MERCER, SECURITY RESEARCHER, CISCO TALOS “FireEye provides unmatched threat intelligence strategies allowing organizations to mitigate risk, bolster incident response and enhance overall security.”
30 MAY 2017 KEEPING UP WITH THE CYBER THREAT LANDSCAPE
CTIB IN THE MIDDLE EAST
Let’s face it, with everything becoming digital, cyber security is becoming a growing concern for organizations globally. In times of financial pressure or instability, security is often seen as a supporting function or an overhead cost to business. Questions such as when and how come up when it comes to safeguarding our organisations from potentially lethal cyber-attacks. With the region becoming a hub for many industries and seeing an increasing consolidation of wealth and assets, it’s guaranteed to attract malicious players.”
The Middle East is dominated by major financial, energy and telecoms businesses, all of whom are vulnerable to cyber exploitation and attack. The “Talos’ core objective is to provide verifiable and customizable defensive technologies and techniques that help customers quickly protect assets from the cloud to core.”
n BY: AISHA NIZAMUDDIN KHAN <AISHA@GECMEDIAGROUP.COM>
MICHAEL MARRIOTT, SECURITY RESEARCHER AT DIGITAL SHADOWS and digital risk management to ensure that they can anticipate cyber-attacks on their customers data, company IP and other critical assets,” said Michael Marriott. “What we have observed is a certain degree of misalignment between investments in tools and technology on one hand, and the requisite human skills on the other.
Organizations usually invest more in one over the other, or not enough in either. Enterprises have been spending on security technologies and other infrastructure that either do not work well together, or require a great deal of effort and personnel to follow and address the ensuing multitude of alerts,” says Jens Christian HøyMonrad.A single, unified approach will drastically improve the organization’s security posture and show companies the true value of all the products they have acquired. “Our advice to CISOs would be to simplify and set their sights on integration across their IT environments. As the number of threats, alerts and security events outnumbers most staff, employed to defend organisations, organisations need to look for solutions which provide not only automation and integration, but also enrich events with tactical, operation and strategic threat intelligence,” says Jens Christian HøyMonrad.
“A big challenge for business leaders is understanding where they will get the most bang for their buck. Characteristics of a threat intelligence provider should include its coverage, accuracy, timeliness, ease of integration and relevance. Of course, there’s plenty organization can do for free. Internal logs and sharing communities can all be useful sources for threat intelligence teams,” says Michael Marriott.
“Mimecast reduces not only the complexity of multiple solution environments, but it also reduces the costs asso ciated with running multiple solutions.”
The Middle East is alert as compared to other markets regarding shifts in their investment profile in security funding. The best part is that Middle East market doesn’t rely much on single vendor cloud based strategies which on the other hand fascinate other markets. “A cloud based strategy is appropriate, but a single vendor cloud approach means that your risk profile rises exponentially.. Mimecast’s scalable cloud software-as-a-service model works on a subscription basis when organisations pay per mailbox, rather than outlaying a large portion of funding for costly hardware and software that require regular upgrades,” says Brian Pinnock.
THE ROLE OF THE CISO AND CFO With the threat landscape constantly changing, it is crucial for enterprises to employ structured parameters when planning for organizational security. “It is crucial for CISOs and CFOs to allocate the right resources to protect critical assets. Before setting a security budget, security managers need to assess their current resources and how successful are they with mitigating attacks, and eventually allocate the correct resources to fill in the gaps,” said Jens Christian HøyMonrad. Since threat intelligence isn’t made equal, it is vital that CISOs and CFOS select intelligence offerings which will aid security operations, ultimately helpingthe businesses in recognizing the risks it is susceptible to.
FINALLY The rise of insider threats is definitely becoming an important issue since they arise from unware users whose systems are compromised from top to bottom with malicious insiders who are most likely pocketing a financial gain by selling vital data of the organization, which most likely also includes customer’s private data. On the other hand, the External attacker profiles are changing from the outdated hobby hackers to more professional criminal groups, nation states and hacktivists. Enterprises have become extremely alert in the region in order to adapt to this evolving threat landscape and efficiently put their budgeting resources into action to invest in adequate cyber threat intelligence. If organizations fail to meet these criteria, then they can assume an automatic shutdown of their businesses and exit from the competitive market. ë
BRIAN PINNOCK, REGIONAL MANAGER OF SALES ENGINEERING, MIMECAST MEA.
SERGEY
“Our expertise, as a developer of a DLP solution, extends exactly to this internal threats domain of security.”information OZHEGOV, CHIEF EXECUTIVE OFFICER, SEARCH INFORM.
“There needs to be more investment in threat intelligence and digital risk management to ensure that they can anticipate cyber-attacks on their customers data, company IP and other critical assets.”
31MAY 2017
Security is a ‘Shared responsibility’. What is your point of view in this? A successful security program is built on 3 main pillars: People, Process and Technology. The overall security of the organization is as strong as its weakest link. A cyber security strategy that focuses on investment in technology and process only will fall short of protection the organization unless the culture of the organization is changed.
The role of the CISO has significantly changed over past years and continues to change today. Arguably no other organizational role has evolved as rapidly as the role of the CISO. In the past the evolution of the CISO role has been primarily driven by government intervention resulting in regulations and security compliance mandate following major data breaches. In today’s digital age, the increased technology adoption to transform business activities and services to customers requires the CISO role to evolve in order to ensure that security remains an inseparable part of a successful digital transformation journey.
It is the responsibility of the CISO to influence the organization and establish a security-conscious culture wherein security is clearly seen as a shared responsibility.
With the advent of IoT, the scenario has just worsened. Security is an overriding issue and the organizational premises are vulnerable?
The CISO should also work with Board of Directors and Senior Management to ensure that the right tone is set at the top and clear accountability for security is defined throughout the organization. How should a CISO resume look like for 2017? Today’s CISO needs a wide-ranging set of skills to be successful in their role. CISOs are now expected to understand and articulate the business risk of cyber threat to board members and non-technical audience. Hence, it is essential for today’s CISOsto have the business acumen and strong leadership skills in order to drive changes throughout the organization. CISOs must also challenge themselves in order to go beyond the traditional view of security as a trade-off and bring innovation into security in a way that transformed security from a necessary evil into a competitive advantage. ë
CISO SPEAK 32 MAY 2017
ROSHDI OSMAN, FOUNDER OF CISOLEADERSHIP. ORG AND AN LEADERRECOGNIZEDINTERNATIONALLYCYBERSECURITY
The traditional view of security is based on the CIA triad, Confidentiality, Integrity and Availability. IoT adds a new dimension to the cyber threat based on the physical impact of IoT devices to humans and property. So in a way, IoT devices are best viewed as cyber-physical objects that can interact in the world in a direct and physical manner.
The impact of IoT devices is best illustrated in devices like smart cars where a cyber-attacker has the ability to remotely take control over a moving vehicle. Usage of IoT enabled pacemakers might result in cyber murder by exploiting security vulnerabilities if any in such devices. With IoT being used for critical infrastructure and basic amenities such as electricity, water supply and HVACs, attackers may exploit security vulnerabilities to take control of such infrastructure resulting in disastrous consequences.
ESTABLISHING A SECURITY -CONSCIOUS CULTURE
Today’s CISOs are entrusted with much wider range of responsibilities that have significantly increased the complexity of their role. Security has become an increasingly essential element of organization’s risk management strategy. And as security breaches, organized crimes and nation states attacks have become more disastrous to business, cyber security has become the boardroom agenda.
How has the role of a CISO evolved over the recent times?
Hence, when considering the security impact of IoT, in addition to the traditional threat landscape, we have to be mindful of the physical impact that IoT has on us and our property.
“The cyber-security landscape is a constantly changing environment, enterprises are under tremendous pressure to deploy multi-layer and comprehensive security strategy to keep up with today`s constantly evolving IT security landscape,” said Vimal Kocher, Managing Director for the Middle East region of Arrow’s enterprise computing solutions business. “Our goal is to enable solution partners to understand, execute and deploy comprehensive security solutions across a spectrum of delivery platforms from data and endpoint security, threat prevention, security analytics to automated security and monitoring solutions. However, sound information security management often involves people, processes, and technologies. It takes everyone, from CEO to front-end employees in the organization to adopt daily security practices to prevent, detect, and respond to potential security challenges.”
ARTICLEGUEST
33MAY 2017
“It takes everyone, from CEO to front-end employees in the organization to adopt daily security practices to prevent, detect, and respond to potential security challenges.”
END-TO-END
CYBER-SECURITY TECHNOLOGY SOLUTIONS ACROSS MIDDLE EAST
VIMAL KOCHER, MANAGING DIRECTOR FOR THE MIDDLE EAST, ARROW ENTERPRISE COMPUTING SOLUTIONS BUSINESS selling approach that address end-customers’ pain-points in quest of digital transformation. In addition to technical competency information security training, our go-to-market programs also focus on providing solution partners with training on sales enablement, soft-skills and solution-selling approach. We help them gain a deep understanding if overall information security value proposition, improve their selling skills to line-of-business decision makers, as well as selling vertical market capabilities. Arrow has one of the industry-leading teams of Pre-sales and Post-sales engineers which enable Arrow to support entire technology and business transformation cycle involving vendors, solutions partners, and customers. It gives us the power to implement the solutions we provide, and reducing the wrong design cases. In addition, Arrow has an in-house Lab and Data Centre where Arrow experts can provide consultative advices to the customers/partners before security technologies purchasing process. Furthermore, at our Proof of Concept Solution Center, we are able to showcase our latest security solutions, execute sophisticated proof of concepts and perform complex demonstrations to our Partners and their potential customers. Our enablement programs include bi-weekly product/technology introduction training sessions which make it easier for solution providers to identify potential gaps in their security solution portfolio and get them quickly on board with new offerings. We also offer special recruitment program to invite new solution partners to tap into our rich, vast and long-standing technology ecosystem and provide them with immediate access to a vast range of global technology portfolio. We will also introduce incentives and bundle offers to enable solution providers to strategically grow their business. To strengthen rapport and collaboration with solution providers, we plan to engage with solution providers though monthly team building activities. Regular and effective communication is key to any business relationship and this is why we put emphasis on having weekly face-to-face meeting with our solution providers to facilitate progress. ë
As an aggregator, an enabler and an ecosystem builder, Arrow is committed to helping our solution partners to adopt data security solution-
As we know, cyber security threats and attacks are getting increasingly advanced and persistent. A recent World Economic Forum (WEF) report listed cyber-security as one of the greatest threats to business around the world. Research reports forecast that the Middle East and Africa cyber security market is expected to grow to $13.43 billion by 2019. In order to help our Channel Partners to tackle current security challenges and deliver value to their Customers, Arrow will host a series of enterprise security solution seminars and technology showcase in a number of key cities in the Middle East region including Abu-Dhabi, Kuwait City, Manama and Muscat in May and Beirut and Amman in August.
n BY: AISHA NIZAMUDDIN KHAN <AISHA@GECMEDIAGROUP.COM> LOOPHOLES
2017 CISO’S DATA GOVER NANCE STRATEGY
“A data governance strategy must look at the BE SAFE
Content, which includes all types of data including structured and unstructured is growing at a steady rate of about 80% annually Structured data is growing at the rate of every40%year generated from bywillmachinesincrease15timesby2020 40 80%40%
Most often in data breaches, files and emails are mostly besieged as they are valuable assets and vulnerable to misuse by insiders and outsiders that cross the perimeter. Organizations mostly concentrate on outer defenses and put their energy towards chasing threats, however, the data is left unmonitored and available to hack.
15 1. Formation of Data Stewardship/ Data Standards Groups 2. Recruitment of Chief Data Officer (CDO) 3. Transformational Data Governance in Asia 4. Increased Data Governance in 5.healthcareMoreintegrated approach to Data Quality Management 6. Data Governance for the Cloud 7. Emergence of Data Governance policies on mobile and social 8.platformsIncreased use of Data Quality tools in Big Data 2017 PREDICTIONS FOR DATA QUALITY AND DATA GOVERNANCE 34 MAY 2017
The size of global data will measure a
Preserving the integrity and consistency of the enterprises data is crucial.Let’s face it, data is everywhere! But how an enterprise handles and protects this data is what truly defines an enterprise’s success. Enterprise data governance is a long-term process which doesn’t happen overnight. True governance is a process by which an enterprise controls the definition, usage, access and security of their most vital asset called “data”.
DODGING THE
Data governance runs horizontal to the entire enterprise. All modernday enterprises seek a secured and sound infrastructure. A CISO’s dream would be to have a perfect security setup to govern their organizations data. Yet, hackers manage to enter the enterprises’ system through loopholes, ultimately sending a crippling shockwave down the organizations’ system. This disturbance to the vital day to day functioning of the enterprise is what the CISO’s want to avoid at all costs. They want their modern-day enterprise’s data to be completely protected and remain secure in the hands of the organization only. CISO’s want to destroy the loop holes which cause hackers to lure their way into their systems causing data breaches as this becomes very costly for a business. Through compliant practices, enterprises can effectively govern their metadata, unstructured data, registries, taxonomies and ontologies.
40staggeringzettabytesby2020
Data
DATA STEWARDSHIP Data stewardship is both a challenge and benefit to organizations. An organization can hire fulltime data stewards or can envoy stewardship responsibilities to existing employees. However, businesses are most often reluctant to accept new arrangements for the maintenance of their data and or enforce new policies on the data use. The reality is that, in an ideal scenario if all users adopt a stewardship-minded approach to safeguard and handle their data responsibly then all businesses would thrive. “The biggest challenges organizations face when trying to get a handle on their data is understanding what they have, where it lives, who has access, who has been accessing it and how has that access been used. Existing data regulations task CISOs with shoring up their data governance, and that includes identifying files containing sensitive data, reducing access on a need-to-know basis, monitoring access and ensuring the data is properly disposed when no longer necessary to operations.” says Brian Vecci.“Cloud is the new paradigm of where data resides. The world of information security and data governance is increasingly fragile and vulnerable as the data now resides on cloud. To keep this delicate structure operational, organizations need to take many precautions. The CISO has to ensure better communication with management, commit to improving incident preparedness, and should be aware of new government regulation and to keeping up with new laws.” Arun Sridhar.
STRATEGYGOVERNANCE
REGIONAL
n
n Know where personal data is stored on your system, especially in unstructured formats in documents, presentations, and spreadsheets. Determine the when, why and purpose of data collected in order to minimize retention. Control who can and who is accessing data. Monitor for unusual access patterns against files containing personal data and promptly report exposure to local data authorities. ORDER TO BE PRE PARED, CISO’S NEED TO INCLUDE THESE ELEMENTS THEIR DATA
“We have developed a security score card which allows organizations to measure anywhere from 6 to 10 different focus areas inside cyber security.”
35MAY 2017
n
entirety of an organization’s data set by turning on the lights; CISOs cannot protect what they cannot see. They do this by classifying their data, SRIDHAR, SERVICE DELIVERY MANAGER, EMITAC ENTERPRISE SOLUTIONS VECCI, TECHNICAL EVANGELIST, VARONIS SYSTEMS
FINALLY Having a single data warehouse for an enterprise is not realistic. Ultimately, comprehending this new information requires business to have strict governance with accountability in place. Data governance holds a significant challenge for CDOs, CIOs, CQOs and business executives. This is because without an effective data governance program in place, an organization might face reduced revenues, decreased productivity, inefficient manual processes and increased risks, regulatory or compliance focus. ë
“The world of information security and data governance is increasingly fragile and vulnerable as the data now resides on cloud.”
“A data governance strategy must look at the entirety of an organization’s data set by turning on the lights.”
2017
assessing where it lives, who has access, how they were granted access and what they are doing with that access and then providing user behavior analytics to alert and stop suspicious activity by insider threats, hackers or crippling ransomware,” says Brian Vecci.
n
IN
BRIAN
ARUN
INTO
EDDIE SCHWARTZ, EXECUTIVE VICE PRESIDENT OF CYBER SERVICES, DARKMATTER
What is it that makes your technology sophisticated but at the same time simplified as well? Its Real-Time Breach Prevention, what CIO’s care about is compliance, visibility and reporting. Your business is dynamically evolving and in Real-Time we will prevent breaches.
If you look at SonicWall, there are many companion products like wireless security or WAN optimization, which eliminate or reduce the management burden in several areas of security. So, I think SonicWall is well poised to give that simplified management, simplified approach towards addressing various areas and even talking about e-mail security, we have the e-mail encryption and the e-mail gateway to capture the sandboxes. So, all this integrated into one which simplifies the configuration. Many CIO’s have started liking this approach. ë
FLORIAN MALECKI INTERNATIONAL PRODUCT MARKETING DIRECTOR
INNOVATE MORE, FEARLESS
SonicWall launched SecureFirst partner program to improve the training of its partners along with a series of marketing programs and incentives at the global level, under the motto Fear Less, that seeks to improve the positioning of the company.
The first thing is we had to launch a new Partner Program- SecureFirst, obviously spinning off from the Dell premier Partner program. We have a 2tier channel model distribution and re-sellers. The program is by invitation only. If you look at some of the numbers around the region globally, within 150 days of launching the SecureFirst Partner Program, we have more than 10,000 resellers coming on board, out of which 2000 were new resellers. As you can imagine all the assets are wrapped up into different e-mails and white papers and presentationsso on and so forth. The SonicWall University program is one of it.
The third marketing campaign is e-mail security. 65% of ransomwares are being delivered by our e-mail. So, we are preparing our customers to protect their emials, be it their e-mails whether hosted e-mail or exchange e-mails, private e-mails, users accessing their private e-mails, . From a heavily from a marketing point of view as likeinnovate, embrace the digital transformation, capture more in sounds of force in terms of fear less. So, that’s what we have released about a month ago, that SonicWall University together is the global fearless marketing complaints.
How is SonicWall planning to enter markets like Oman, Kenya, and Ghana? Oman is an excellent market for us. So, any customer, who thinks of acquiring security, SonicWall appears in the top 2 or 3 Thenames.last quarter we had a government customer, using 10000+ mail box solution. Oman has always been an important market for us in the region. After UAE, after Saudi, Oman is considered as the next best market for us. Talking about Kenya & Ghana, our focus is again back into African market. So, we are in the process of building a good channel, the SecureFirst Program will help us reach out to maximum number of partners in those countries. And it is just a matter of time for us to reach out to those markets, put in all the best practices that we are implementing here in the markets as well. This is where the ValueAdded Distributors help. That is the beauty of the channel. We have partners who have been with us for 10-15 years.
The second one is around encrypted traffic because more and more hackers are hiding malware and methods using the SSL/ TLS traffic and we can protect against that of course. If you look at our 2017 Threat Report, 62% of the traffic, worldwide traffic, our firewalls was encrypted. So, customers do not analyse that traffic, something wrong will happen.
How has it come for you as an independent company now? We separated from Dell back in November and SonicWall became an independent business owned by Francisco partners together with a private pensionfund. I would say Dell was very beneficial to SonicWall business, to recruit the new partners, to open doors to different set of end user customers.
MY OPINION 36 MAY 2017
REGISTER ONLINE FOR FAST-TRACK ENTRY! gisec | iotx gisec@dwtc.ae | iotx@dwtc.aewww.gisec.ae | www.iotx.aeDEDICATED CONFERENCES 75+ speakers including INTERPOL, GCHQ, Wells Fargo, AXA, HSBC & more TECH SHOWCASE 500+ solutionscutting-edgefromregional & global market leaders DEMOS & WORKSHOPS Attend CPE accredited training sessions & demos by industry experts BUYERS’ LOUNGE Discuss your RFPs and gain invaluable insights & advice from our key partners 21-23 May, 2017 Dubai World Trade Centre Connecting and Securing 2020WithEnterprisesGovernmentSmartand34billiondevicesconnectedtotheinternetby *, how will your business stay digitally agile with enhanced customer experience while ensuring maximum security? Officially Supported by *source: businessinsider.com PLATINUM SPONSORS SPONSORSILVER OFFICIAL SOLUTIONSSECURITYSPONSOR SUPPORTED BY POWERED BYEDUCATIONPARTNER MEDIATECHNOLOGYPARTNER OFFICIALPARTNERTRAVEL OFFICIALHANDLERCOURIEROFFICIAL AIRLINE ORGANISED BYPART OF SMART MANUFACTURINGPARTNER PRE-REGISTRATIONSPONSOR SPONSORLANYARDCYBERSECURITYSPONSORPANELPARTNERINNOVATION
GULFPRACTICE,BUSINESS MACHINES
WELL CONNECTED RELIABILITYFLEXIBILITY LONGEVITY
Flexibility is a capability to level the requirement to work alongside the team to meet the objectives.
&STICK-TO-IT-CUSTOMERHISNEEDS
There are so many vendors in the marketplace, each claiming to be the greatest thing since the internet, that knowing which claim to buy can be difficult. Constant mapping out of new innovations, while ensuring the solutions.for&improvementenhancementshisexisting
How does a partner stand out in this increasingly competitive market?
An MSS architecture must be holistic with adequate focus provided on People, Process, Technology and Governance. One of the common mistakes is over-reliance on technology. Having tangible KPIs helps in ensuring continual improvement of the Security Operations. Given the very public explosion of ransomware and an ever-growing list of other threats, IT services providers increasingly are looking to make money on the insatiable demand for cybersecurity. How fairly does this statement justify the growth of managed security services?
ë
It is imperative to have alliances with the top notch leaders from both technology, services & pointinfrastructureofview.
WHAT ARE SOME OF THE UNDENIABLE TRAITS OF A MSP PARTNER?
MY OPINION 38 MAY 2017 360° ARCHITECTUREMSS
GBM’s Managed Services has seen the market grow and is very positive of its growth as well having the best of the breed technology and services partners who too have been in the market and grown successively over more than a decade in the GCC region. With this history comes a documented track record of GBM that has proven its ability to fully support Cyber Security needs and have keptthe customer’s satisfaction level high.
NIRAJ MATHUR REGIONAL MANAGER SECURITY
An MSS partner needs to be on top of the game, since they have to ensure they offer services, which far super cede the services currently being delivered in house by the organization. They need to have a mature SOC Services Delivery model, which considers the pain areas of the customer, trends and customizes their service delivery model to achieve tangible results. This needs years of experience, expert diverse skills and management focus to achieve the same.
Speedy delivery of services, responsiveness to customer evolvement, Superior system performance and around the clock availability
The complexity of cyber security is somewhat proportional to growth in requirements of managed security services. As the adversaries continue to disrupt organizations, it is expected that organizations would like to engage the experts to manage the security operations on their behalf as long as local regulatory compliance is maintained. How has the cost and shortage of security talent empowered MSS domain? Cybersecurity is a very specialized and complex skill to achieve and maintain. To fight off the current challenges in security, an organization needs advanced knowledge and the right aptitude to react. This makes the demand high against lower supply of talent (prevalent globally) which pushes up the costs for an organization. Simultaneously, to keep the security resources motivated is not an easy aspect for organizations since cybersecurity is not their main business domain. These factors enable organizations to consider outsourcing to security companies who specialize in these services, manage the highly talented pool of resources and have built the right services model to service end user i.e. Managed Security Services.
