
VOLUME 05 | ISSUE 12 | OCTOBER 2018

SANJEEV WALIA, FOUNDER & PRESIDENT, SPIRE SOLUTIONS

ALIGNING THE RIGHT FORCES

Spire Solutions is stepping out of traditional security perimeters and ushering in a new dawn of redefined distribution.



MANAGING DIRECTOR: TUSHAR SAHOO

EDITORIAL

CEO: RONAK SAMANTARAY
EDITOR: ANUSHREE DIXIT, anushree@gecmediagroup.com
SUB EDITOR: DIVSHA BHAT, divsha@gecmediagroup.com
EVENTS EXECUTIVE: SHRIYA NAIR, shriya@gecmediagroup.com
SALES EXECUTIVE: MOHAMMED MUBIN, mubin@gecmediagroup.com
BUSINESS DEVELOPMENT EXECUTIVE: SUSAN PAUL, susan@gecmediagroup.com
GROUP SALES HEAD: RICHA S, richa@gecmediagroup.com, +971 529 943 982

VISUALIZER: MANAS RANJAN
LEAD VISUALIZER: DPR CHOUDHARY
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA, DEEPAK KUMAR

SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA, yasobant@gecmediagroup.com

DESIGNED BY

PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE

INFO MEDIA

PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC
PO BOX: 500653, DUBAI, UAE
223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE
PHONE: +971 (0) 4368 8523
31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852, UNITED STATES OF AMERICA
PHONE NO: +1 732 794 5918

A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE. @COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.

HOW MUCH IS ENOUGH?

I would like to thank all the patrons and partners of The Cyber Sentinels for your overwhelming support towards The GEC Security Symposium and CISO Awards 2018 held on September 5, 2018 at the V Hotel in Dubai, UAE. The inaugural edition of the event was patronized by the Cyber Security department of Dubai Police and the occasion was graced by Col. Saeed M Al Hajri, Director of Cybercrime Department at Dubai Police HQ as the esteemed guest of honor. We have gathered some key highlights from the event and compiled it for our readers in this issue.

One of the pressing issues that CISOs and the security service providers indulged in was data privacy. The audience remarked that we are in an era of data explosion and at the same time there are over 120 countries who have a strict data protection policy, but there is always a blame game when any breach happens. The audience and the speakers were also involved in discussions on IT security spending and optimization for the modern enterprises.

Facebook reported a few days back that up to 50 million user accounts may have been compromised and taken over by cyberattackers. British Airways suffered a data breach after hackers implanted their own code on a baggage claims page. In the wake of all this, Tim Cook made an interesting statement that Apple users can be assured that their data would never be compromised as Apple collects only minimal data and then encrypts it and at the end even Apple cannot access it. So, when the debate comes to spending in security, all of these cyber-issues are important to address. It is also true that hackers will not wait for a company’s quarter end or budget approval time to plot the attack. It is time to move from legacy to niche, from tradition to next-gen and from normal to novel.

In the cover feature of this issue, Sanjeev Walia, Founder and President of Spire Solutions says, “It is after all a cat and mouse game between the defenders and threat actors. So, when we choose our technology partners, we are very careful in seeing if they are ahead of the curve in that moment of time.” Hope you enjoy the compilations of this issue.

ANUSHREE DIXIT
Editor
anushree@gecmediagroup.com

OCTOBER 2018


CONTENTS

COVER STORY

2018 SECURITY INSIGHTS

As the breaches continue to roll on, Cyber Sentinels, in its last issue for this year, takes a look back at the 2018 security market, the most damaging breaches and the defensive measures. Read on...

EVENT COVERAGE

BE SAFE

SPECIAL STORY

THREAT DECODED

GEC SECURITY SYMPOSIUM 2018

CONTINUOUS APPROACH FOR CONTINUED SECURITY

DIGITAL WORKPLACES, VANISHING PERIMETER

SECURITY

CRYPTOCURRENCY SECURITY


CHANNEL STREET

McAfee Labs Sees Cryptocurrency Mining Surge Continue

CHRISTIAAN BEEK, LEAD SCIENTIST AND SENIOR PRINCIPAL ENGINEER WITH MCAFEE ADVANCED THREAT RESEARCH

McAfee released its Labs Threats Report: September 2018 that examines the growth and trends of new cyber threats in Q2 2018. In the second quarter, McAfee Labs saw the surge in cryptomining malware growth that began in Q4 2017 continue through the first half of 2018. McAfee also saw the continued adaptation of the type of malware vulnerability exploits used in the WannaCry and NotPetya outbreaks of 2017. Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape. After growing around 400,000 in the fourth quarter of 2017, new cryptomining malware samples grew a stunning 629% to more than 2.9 million samples in Q1 2018. This trend continued in Q2 as total samples grew by 86% with more than 2.5 million new samples. McAfee Labs has even identified what appear to be older malware such as ransomware newly retooled with mining capabilities.

“Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity. If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream,” said Christiaan Beek, Lead Scientist and Senior Principal Engineer with McAfee Advanced Threat Research.

SYMANTEC PROTECTS OFFICE 365 WITH DLP TECHNOLOGY

Symantec has made new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365. With Symantec DLP, data is protected whether at rest or in transit, on-premises or in the cloud, and everywhere it flows through a single management console. Monitoring and protecting data in the cloud generation is a complex task, and GDPR and other similar privacy regulations have further raised the stakes on data security, privacy and compliance. As such, companies must work to ensure that sensitive data such as PII, intellectual property, or source code is protected no matter where it is shared. In the cloud generation, this is more difficult than ever, as enterprises are rapidly adopting SaaS applications, including Office 365, that require data to continuously move between endpoints, cloud and third parties such as partners, vendors or contractors. Symantec provides advanced functionality for visibility, protection and control of sensitive data no matter where it lives or travels. Users can now safely share sensitive data through Office 365 with employees, partners or contractors.

HONEYWELL LAUNCHES PROCESS SAFETY SUITE

Honeywell launches Process Safety Suite, which centralizes and synchronizes disparate process safety data to eliminate errors and inconsistencies. The software platform creates a complete, real-time view of safety risk for all levels of an organization. The new solution integrates aeSolutions’ aeShield process safety software with Honeywell’s Safety Builder, Process Safety Analyzer and Trace solutions, enabling large industrial facilities to efficiently monitor process safety while helping to reduce operational costs. Honeywell signed a reseller agreement for aeShield with the software products division of aeSolutions. Process Safety Suite is a response to the time-intensive, manual procedures that most large industrial facilities use to manage process safety today.

“The aeShield and Honeywell technologies work together to integrate critical steps in the process safety lifecycle,” said John Rudolph, president, Honeywell Process Solutions. “The result is an enterprise-wide risk identification and reduction capability that is unique in the industrial process safety market.”




WUD Organizes Workshop on Cyber Security for Women

DR. SANJAY GUPTA, VICE CHANCELLOR, WORLD UNIVERSITY OF DESIGN (WUD)

Recognising the growing importance and emerging threats on digital platforms and ensuring women safety, The World University of Design (WUD) – India’s first and only University dedicated to education in the creative domain – is hosting the Digital Shakti workshop. The workshop focuses on promoting literacy, building awareness about cyber-crimes and recourse available to women to prevent and redress such crimes. The workshop was conducted by Cyber Peace Foundation under the aegis of the National Commission for Women.

Speaking about the workshop, Dr. Sanjay Gupta, Vice Chancellor, World University of Design (WUD) said, “As the number of digital security incidents and cyber-crimes are burgeoning, our goal is to create comprehensive awareness amongst women about the counter-measures against such cyber security threats and crimes. Such comprehensive workshops are need of the hour which not only addresses threat on traditional digital mediums like websites, payment gateways, mails etc. but also extends to newer platforms like social media which include threats of violence against women.”

NEC ENHANCES CYBERSECURITY FOR ASEAN-MEMBER STATES

NEC Corporation enhances building and operation of a system in cooperation with NEC Thailand for the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC), which develops cybersecurity human resources for ASEAN-member states at the request of the Electronic Transactions Development Agency (Public Organization) or ETDA, a Thailand government agency. NEC will hold a variety of cybersecurity exercises at the AJCCBC through May 2019, including incident response exercises for approximately 150 government and critical infrastructure company employees belonging to ASEAN-member states. This human resource development project is promoted by the Ministry of Internal Affairs and Communications as part of a Japan-ASEAN Integration Fund (JAIF) project.


GOOGLE LAUNCHES “ABTAL AL INTERNET” TO HELP CHILDREN BE SAFE ONLINE

Google launches “Abtal Al Internet” (English translation is “Internet Heroes”), a multifaceted program designed to teach children the fundamentals of digital citizenship and safety in Arabic. “Abtal Al Internet” provides a range of resources and online activities for children, educators and parents to encourage digital safety and citizenship. The online platform, g.co/abtalinternet, focuses on five key fundamentals to help children navigate the online world with confidence by learning how to be smart, alert, strong, kind and brave online. The program also includes “A’lam Al Internet” (English translation is “Interland”), an online adventure which reflects the fundamentals of digital safety into hands-on practice for children to learn about online reputation, phishing and scams, privacy and security, online harassment and reporting inappropriate content.

Tarek Abdalla, Regional Head of Marketing at Google MENA said: “We want children to learn how to protect their personal information online, avoid inappropriate content, hackers and spammers, while exploring the internet with confidence. “Abtal Al Internet” will equip educators and parents with actionable resources to teach digital safety and citizenship through an immersive, fun and unforgettable experience for children in the Arab world.”

DID YOU KNOW?

Global information security spending to exceed $124B in 2019: Gartner




ONSSI OFFERS FREE INFORMATIVE SYSTEM HARDENING GUIDEBOOK

OnSSI is offering a free, highly informative guidebook entitled “Hardening Guide for Networked Video Surveillance Systems” to help enterprises protect their systems from potential cybersecurity threats. The free downloadable guide provides specific recommendations on hardening video surveillance systems by applying proven cybersecurity initiatives.

“Hardening surveillance systems is a necessary and ongoing process to mitigate against potential cybersecurity threats and liabilities,” said Ken LaMarca, VP of Sales and Marketing, OnSSI. “We are thrilled to offer this comprehensive hardening guide free of charge to help enterprises protect their system’s integrity, and maintain the highest levels of both physical and cybersecurity.”

The OnSSI Hardening Guide for Networked Video Surveillance Systems includes guidance on password strength, how to avoid poor password practices, collaboration with IT and HR departments and how to apply software and firmware security updates. It also includes standard, advanced and enterprise cybersecurity best practices for cameras, servers and workstations and networks.

CITRIX MAKES UNIFIED DIGITAL WORKSPACE AVAILABLE FOR NEW SAMSUNG DEVICES

Citrix is extending support for new Samsung DeX-enabled smart phones and tablets that were recently unveiled at their Online (Galaxy Tab S4) and Live (Galaxy Note9) events, including support for the new DeX APIs used to manage the devices, applications and user policies. Samsung and Citrix have been working together over the course of several years to provide a secure and easy-to-use digital workspace on Samsung devices for enterprise use cases including public safety, financial services, healthcare, retail and other field service organizations. With Citrix Workspace app, Samsung device users can access virtual apps and desktops, mobile and SaaS apps and data securely, while seamlessly moving between mobile devices and laptops or workstations to complete tasks. Citrix Unified Endpoint Management provides all the elements of end-user computing management in a single-platform solution that helps IT administrators securely manage their enterprise applications, desktops, and data from a secure digital perimeter.

NEW EMEA REPORT UNVEILS BOLD PREDICTIONS FOR THE FUTURE OF MULTI-CLOUD

TABREZ SURVE, VP - REGIONAL DIRECTOR, GULF & TURKEY, F5 NETWORKS

F5 Networks unveiled EMEA’s first ever Future of Multi-Cloud (FOMC) report, highlighting game-changing trends and charting adaptive best practice over the next five years. The F5 commissioned report was conducted by the Foresight Factory, which drew on its proprietary bank of over 100 trends and original research across 25 regional markets. It also features exclusive qualitative interview input from influential EMEA, global and Middle East-focused cloud experts specialising in entrepreneurialism, cloud architecture, business strategy, industry analysis, and relevant technological consultancy.

“The Future of Multi-Cloud report is a unique vision for how organisations can successfully navigate an increasingly intricate, cloud-centric world. The stakes are higher than ever, and businesses that ignore the power of the multi-cloud today will significantly struggle in the next five years. While the GCC is encouragingly receptive to what is now an imminent technological shift, it is crucial that we better understand the resulting opportunities and pitfalls moving ahead,” said Tabrez Surve, Regional Director, Gulf & Turkey, F5 Networks.

SUPREMA SHOWCASED GDPR-READY ENTERPRISE ACCESS

Suprema showcased GDPR-ready enterprise access control solutions at Security Essen 2018, including its latest range of biometric readers, multi-band RF card readers, mobile credentials and access control software platform. At the show, Suprema introduced BioLite N2, an outdoor fingerprint terminal. BioLite N2 is designed for both enterprise access control systems and time attendance applications, and blends Suprema’s technologies and innovative features. With a powerful 1.2GHz CPU and massive 4GB memory, BioLite N2 achieves incredible matching speed up to 20,000 matches per second, accommodates up to 10,000 users and provides instant matching results with minimal lag time. For reliable operation under extreme conditions such as outdoor installation and harsh climate, BioLite N2 features a rugged IP67 structure with a class-leading operating temperature range between -20 to 50 °C. The device also features an illuminated keypad and high-contrast GUI for better visibility under various lighting conditions. To answer emerging demand for mobile credential technology in the EU market, Suprema will reveal its latest development of mobile credential technology.




ON A MISSION

Sitting at the Tata Communications office during their recent launch of the SOC, the team said that they are on a mission to improve the standards and quality of cyber security across the globe. And how do they plan to differentiate themselves? Read on.

BY: ANUSHREE DIXIT <anushree@gecmediagroup.com> | PHOTO: SHUTTERSTOCK

RADWAN MOUSSALLI, SENIOR VP FOR MIDDLE EAST, CENTRAL ASIA AND AFRICA, TATA COMMUNICATIONS

C R SRINIVASAN, CHIEF DIGITAL OFFICER, TATA COMMUNICATIONS

‘Glocal’ is the go-to-market mantra for the digital infrastructure provider Tata Communications. Global presence and local expertise is what drives the core functionality of the service provider. The launch of the UAE SOC was also a striking reflection of this. Tata Communications has unveiled an advanced cyber security response centre in Dubai, which was jointly inaugurated by His Excellency Mr. Omar bin Sultan Al Olama – UAE Minister of State for Artificial Intelligence and His Excellency Mr. Navdeep Suri, Indian Ambassador to the UAE. The vision of the cyber security response centre is to provide 24/7 cyber security services 365 days a year, to help customers stay one step ahead of evolving cyber threats in the Middle East region.

Radwan Moussalli, Senior VP at Tata Communications for Middle East, Central Asia and Africa says, “When a breach happens, why blame only the CISO? Security is the responsibility of the entire community. Security lies at the core of Digital Transformation, which is no more a buzzword. And, there is no security without trust. The brand Tata Communications advocates this ‘trust’ being a global service provider. We believe that we have a responsible role to play in this society and we are accelerating digital transformation by advancing our core competencies. The adoption of connected digital technologies and applications by consumers, enterprises, and governments is growing at a rapid pace in the Middle East. Therefore, the Dubai Cyber Security Strategy was launched with the aim to provide the UAE with the right tools and services to make it a leading region in terms of cyber security. In line with this significant vision, Tata Communications is providing the framework for the UAE to realise its goals. Our cyber security response center in the UAE is an effort in the direction to help governments and large organizations in various vital sectors of the region in handling and mitigating cyber threats.”

Srinivasan CR, Chief Digital Officer for Tata Communications, said that the launch of the cyber response center is a step further in reiterating their commitment to the security market as a trusted partner who is not only improving the infrastructure, but also improving customer experience and creating a difference in the same. “As you go forward increasing the number of interfaces that you provide for the customer, you are increasing the threat vector as well. Thereby, it is absolutely important to work with a framework. We call it the MIST framework – Managed Integrated Secure Transit. This is where you a partner who is updated on the local industry activities and possess a global footprint.”

He also adds that today, security and privacy are adjacent. Privacy is no more a myth. There are 120 countries across the world which have a data protection law. “When we talk about privacy there are two critical aspects. In one of a recent CISO event we brought up this point that earlier there was a quantified security risk, now there is a privacy risk that cannot be quantified…” adds Srinivasan.

Radwan says that the launch is a leapfrog achievement for the company. This is one of the many investments that Tata is making in security. The Dubai launch marks Tata Communications’ fourth dedicated security centre, after Chennai, Pune and Singapore. As a global network provider with connectivity across 200+ countries and a global cloud service provider, Tata Communications is uniquely positioned to provide security across today’s borderless enterprise. “You will steadily see us as a strong player in SOC with great granularity in our services. We have a DNA different from others. Our fundamental fabric excess in terms of operating entity, network and all these capabilities exist from where we are building the bedrock of this transformation.”

Very soon, we would also see the company extending partner SOCs that would help the traditional partners to mirror the standards and framework of Tata Communications’ cyber security standards and fill the gap of managed security services in their portfolio.

Recently, Tata Communications also partnered with SASTRA Deemed University in Tamil Nadu to fund and establish a cyber security lab at the university. With this partnership, Tata Communications aims to co-create an ecosystem by partnering with universities globally to address cyber-security challenges today, while building the skills and capabilities for tomorrow.

Tata Communications has a comprehensive portfolio of cyber security services built on its multi-layered, integrated, secure and trusted security framework. The cyber security response centre forms the heart of the execution capability for this framework. The Dubai cyber security response centre facility showcases the core capabilities: a combination of processes, platforms, and governance, competencies and best-in-class technologies to combat ever-growing cyber threats. It is powered by a host of sophisticated tools and platforms including Security Information and Event Management (SIEM), cyber threat intelligence, cloud-based protection technologies like web-application firewalls and an attack prediction analytics platform, amongst others. All of this flows into a customer portal to present a comprehensive security posture dashboard view.

If we sit down to phrase the SOC in one phrase, Tata Communications is aiming to ‘present a comprehensive security posture dashboard view that has a global standard but a local flavor’. As Radwan says in his signing off statement, “It is not only about the investment in infrastructure, but the subject matter expertise that our team has and this makes this SOC different. This is a global machine working locally.”


COVER STORY

2018 SECURITY INSIGHTS As the breaches continue to roll on, Cyber Sentinels, in its last issue for this year takes a look back at the 2018 security market, the most damaging breaches and the defensive measures. Read on...

n B Y: D I V S H A B H AT < D I V S H A @ G E C M E D I A G R O U P. C O M > n P H O T O : S H U T T E R S T O C K

B

reaches, breaches and more breaches! Every time I write on the security market, I have a new breach to talk about. Data breaches have affected many lives on multiple levels â&#x20AC;&#x201C; from social apps to retail stores to companies we have trusted to keep our personal information safe like Equifax. Last month, a Japanese cryptocurrency exchange, Zaif lost $60 million worth of company and user funds. The company discovered the hack on September 17th and confirmed it a day later when it reached out to authorities and reported the incident. According to Zaif, the hack took place

14

O CTO B E R 2018


on 14th September between 17:00 and 19:00 local time, when the attacker transferred three types of cryptocurrencies from the company’s “hot wallets.” As we become more connected and more reliant on data, the organizations we trust, becomes more vulnerable to the attacks.

So how has the market been so far this year? How high was the risk in the Middle East and Africa and how did the region respond/prevent?

THE MIDDLE EAST SECURITY MARKET Although, the Middle East is at the forefront of

adopting new technologies, it is still vulnerable to cyber-attacks. The mainstream sectors like Oil & Gas, BFSI, government are the most targeted in the region. Irrespective of size or sector, any organization can be a target or will be in the near future. The only way out is – DEFEND! In the UAE, a total of 274 cyber-attacks

O CTO B E R 2 018

15


HARISH CHIB, VP – MEA, SOPHOS

“Pouring more and more money into individual point security solutions is no longer a realistic long-term solution,” JEFF OGDEN, GENERAL MANAGER, MIMECAST MIDDLE EAST

“Mimecast guarantees the overall stability of your entire email environment before, during, and after an incident,”

FADY YOUNES,

CYBERSECURITY DIRECTOR – MEA, CISCO

“Cisco delivers on its vision of intelligent cybersecurity for the real world with the most comprehensive advanced threat protection portfolio of solutions and services,” 16

O CTO B E R 2018

ALAA HADI, REGIONAL DIRECTOR – HIGH GROWTH MARKETS (RUSSIS/CIS & MIDDLE EAST), NETSCOUT ARBOR

We have always recognized the need of efficient workflows in any cyber security product so that it would be relevant in the overall cyber defence architecture,”

targeted government and private sector entities during the first 7 months of the year, decrease of 39% compared to 2017. According to the TRA’s statistics, 45 cyber-attacks involved fraud and phishing and a further 26 aimed to leak information. The other attacks involved defamation and other purposes. The TRA has launched awareness campaigns, seminars, workshops, etc to promote cyber safety. The TRA also launched ‘‘Emirates Cyber Ambassadors Initiative’ as part of its information security awareness campaigns, which aims to train elite students in UAE schools to represent the team as ambassadors in promoting and spreading cybersecurity awareness across the UAE. In May this year, the Dubai Police launched the e-crime platform to receive e-crime reports from members of the public through the website www. ecrime.ae Talking about this in the recently held GEC Security Symposium, Colonel Saeed Al Hajari, Director of the Cybercrime Department at Dubai Police said – “The launch of the service comes in line with the Dubai 2021 Plan and the goals of

the Department of Electronic Investigations at the Dubai Police on the Internet through an easy design that serves the public and facilitates the process of receiving complaints and contributes to the rapid response by departments and police stations according to their jurisdictions.” The Vice President of Sophos for the Middle East & Africa region, Harish Chib says that organizations have realized the need of a layered approach to security, one where products connect and share information. Pouring more and more money into individual point security solutions is no longer a realistic long-term solution for them.

THE BIGGEST BLIND SPOTS OF 2018 It is no doubt that hackers are constantly looking for new sophisticated methods to infiltrate organizations. Data theft and malicious infiltration are two of the biggest blind spots in cyber security says Mohammad Jamal Tabbara, Senior Systems Engineer – UAE & Channel at Infoblox. “Mainly blind spots in security start when the safety of the existing running services and protocols are


RAY KAFITY, VP – META, ATTIVO NETWORKS

“Deception provides an extremely efficient approach for reducing dwell time and gives organizations the upper hand against cybercriminals,” MOHAMMAD JAMAL TABBARA, SENIOR SYSTEMS ENGINEER – UAE & CHANNEL AT INFOBLOX.

“Data theft and malicious infiltration are two of the biggest blind spots in cyber security”

JOHN PESCATORE,

DIRECTOR OF EMERGING SECURITY TRENDS AT THE SANS INSTITUTE

“In the Middle East, organizations typically have smaller IT teams than their Western counterparts and therefore have little time to keep on top of new threats and technologies,”

taken for granted, or when the cyber security individuals are oblivious from the latest threats or the potential misuse of the available services,” he added. Fady Younes, Cybersecurity Director – MEA, Cisco says – “One of the main security blind spots in the enterprise are unmanaged devices. As more organizations embrace the need for mobile technologies, the more employees are able to share and access sensitive data outside the corporate network. While mobility can lead to increased productivity and efficiency, there are also risks associated with it.” Although organizations have become vigilant, they need to move and adapt quickly to stay ahead of the attacks. “The right security staffing resources combined with employee awareness and education are key. Organizations need to invest in third-party threat intelligence, continually assess and deploy leading technologies, conduct ongoing threat analysis, automate remediation services and deliver inline user education to help employees be more aware and guarded,” explained Jeff Ogden, General Manager, Mimecast Middle East. A look at the past data breaches also points out at the human behaviour as one of the weakest links in the security space. “Many of the data breaches and other security incidents, and something as simple as an employee clicking on a link in a phishing email or inserting a USB key into a company computer can set off a chain of events that has both financial and reputational consequences for the organization involved,” says John Pescatore, Director of Emerging Security Trends at the SANS Institute

THE DEFENSIVE METHODS

There is no such thing as an ‘un-hackable’ system. There will always be both technical and human points of vulnerability, no matter how much the organization invests or how sophisticated the systems are. In 2018, organizations are adopting innovative approaches to cybersecurity in order to avoid falling victim to data theft, a ransomware attack, or impact to critical controls that delay operations or even impact human safety.

Ray Kafity, Vice President – META, Attivo Networks says – The biggest threat posed by cybercriminals today is their ability to remain undetected in the network for months, once they have bypassed perimeter defences. To stay ahead of modern attackers, organizations should consider adding deception-based detection technology to their security arsenal for early detection and accelerated incident response. Deception provides an extremely efficient approach for reducing dwell time and gives organizations the upper hand against cybercriminals.

Alaa Hadi, Regional Director – High Growth Markets (Russia/CIS & Middle East), NETSCOUT Arbor believes that large enterprise organizations are struggling with cohesive visibility into their networks as they grow and partially migrate into public or private clouds. “Having a panoramic view on the network, combining visibility into North-South and East-West traffic flows would be necessary to overcome this issue.”

However, with more organizations willing to invest in protecting their business from a breach, hopefully we shall see fewer attacks next year. If the major cyber attacks that made headlines in 2017 did any good, it was in drawing attention to the problem, which is the reason the attacks have lessened this year. Organizations are taking cyber threats seriously and are willing to invest more to make sure the attacks do not get any worse. Whether they turn out successful or not, let us see next year. At the end of the year (day), goals are simple - safety and security. So, DEFEND!



CISO SPEAK

CISO TRANSFORMATION FOR A SUCCESSFUL BUSINESS TRANSFORMATION

Sir Isaac Newton once said, “Insanity is doing the same thing over and over, and expecting different results”. Gartners and Forresters of the world have different definitions for Digital Transformation; my definition of Digital Transformation is “Making Science Fiction a Reality”. Rapid advances in technologies such as Cloud and Fog Computing, Big Data Analytics, Mobility, Blockchain, Social Media, IoT, Wearable Devices, Artificial Intelligence and Machine Learning have been driving the Digital Transformation. Digital Transformation results in disruptive innovation and enables unprecedented opportunity to increase business agility and growth. Hence it may be detrimental to prevent or delay digital transformation as the business may lose the first movers’ advantage.

As the legend goes, Steven Sasson, an employee at Kodak, invented the first digital camera and filed a patent in Kodak’s name. Kodak’s marketing department resisted it for the fear that digital camera would cannibalize film sales especially because Kodak had a virtual monopoly on the United States photography market, and made money on every step of the photographic process. By the time Kodak themselves embraced digital cameras, it was too late and it had to file for bankruptcy in 2012.

Maintaining business resilience and security in the age of Digital Transformation is a challenging but essential element for the success of Digital Transformation. It is important to understand the evolution of threat landscape. Traditionally, security attacks were mostly financially motivated, not so sophisticated, were targeting businesses not customers, were done using readymade tools mostly by Script Kiddies, were not persistent and were easier to detect. There used to be minimal or no collaboration among attackers. Attackers used to gain limited publicity due to absence of social media.

The current threat profile in contrast has emerged to financially and politically motivated attacks that are highly sophisticated and leverage bespoke tools, are difficult to detect, difficult to recover from and target both businesses and customers. The hackers benefit from higher degree of collaboration by leveraging underground communities and the impact is magnified, thanks to social media. Cybercrime has developed into an organized crime; modern day hackers are well funded by crime organizations and anti-state agencies and often consider ROI (Return on Investment) of attacks. This has resulted in Organized Cybercrime and Threat Monetization. With development of Hacking as a Service, it is now possible to hire hackers or their services or purchase bespoke tools developed by them. As a result, Cyber Extortion using Ransomware, DD4B i.e. DDoS for Bitcoins, Cyber Warfare by Nation State Actors, Cyber Aided Kidnapping by hacking cars, Cyber Terrorism by hacking critical infrastructure, Cyber Espionage by Hacking IoT and not to forget Cyber Murder by Hacking medical devices such as digital pacemakers is very much possible.

Convergence of Physical and Logical Security necessitates the need for safety beyond the cyber world. It is no longer about safety vs. security, now it is about Safety and Security. Security is getting important for all kinds of businesses - even the likes of Ashley Madison went bust following a security breach. Unfortunately, there is no silver bullet to protect from such emerging cybercrime.

With such a transformation of the hackers and the threat profile, the pressing need of the hour is the transformation of the CISOs. Traditionally, most CISOs have been following a compliance driven security model and keep talking technical jargon thereby scaring stakeholders. Their Security Strategies have often been vendor driven rather than business driven. The CISOs have often been nicknamed as the ‘Nay Sayers’ and the Information Security Departments have been dubbed as ‘Business Prevention Departments’.

To facilitate secure enablement of Digital Transformation, Security Professionals need to be Business ENABLERs rather than show stoppers. CISOs should be passionate NOT paranoid about security and should view Security as a business issue rather than a technical issue. Security Strategy should be aligned with business objectives. CISOs should exercise Leadership, be a Change Agent, shift the mindset from Compliance Based to Risk Based and accept that Positive Security Risk is not a bad thing. CISOs should use business language instead of technical jargon. CISOs should not let personal relationships influence their decisions, should never take sides and listen to perspectives from all concerned stakeholders.

It is crucial that CISOs integrate security risk management in business processes, take decisions based on comprehensive risk assessment, translate security risk into business risk, recommend effective controls to mitigate the risk and let the business enjoy known benefits rather than worrying about unknown threats. It is important to establish detection capabilities to detect breaches at the earliest, implement effective cyber security incident response processes to help the organization respond to a cyber security breach in a professional manner. It is also important to establish recovery mechanisms including but not limited to Business Continuity Management for ensuring operation of critical business services. In spite of modern technological advances, large organizations were forced to go back to the primitive days of pen and paper to continue the business as a result of sophisticated cyber-attacks.

CISOs should not isolate themselves, but should engage with business, empathize with stakeholders, provide confidence and assurance.


CISOs should develop good interpersonal skills, be team players, should be receptive to feedback and respect others’ opinions. Support from skilled, professional, dedicated and sincere team members is a key constituent for the success of any CISO, especially considering the global shortage of skilled professionals in the niche field of cyber security and the challenges associated with hiring and retaining such professionals. CISOs should engage with their teams to crowd source/team source their ideas. This helps to keep the team engaged, motivated and connected. CISOs should promote high level of integrity and ethics within the team. Motivating and retaining the team is a very crucial element for the success of any CISO.

It has been a common phenomenon in the world of security that “Bad guys collaborate, good guys don’t”. It is high time that the CISOs break these silos and start collaborating mutually to make informed decisions, thus enabling to respond to attacks proactively and quickly. As Gordon B. Hinckley once said, “You can’t build a great building on a weak foundation. You must have a solid foundation if you’re going to have a strong superstructure”. Similarly, to have a mature cybersecurity program that enables secure digital transformation, it is very crucial to have a robust implementation of the cyber-security basic hygiene. A mistake that CISOs often commit is that they look at most of the controls as an implementation of technical products while forgetting that a technical product is no good unless the governance processes around it are established. It is high time that CISOs give adequate priority to continuous improvement of the fundamental building blocks of cybersecurity and develop robust governance processes associated with these controls. This will help CISOs in preventing their organizations and customers to be launchpads of security attacks.

ONE MORE THING, THE OTHER SIDE OF THE COIN…

In addition to facilitating digital transformation in a secure manner, CISOs may even leverage digital transformation for security transformation to provide competitive advantage to the business and enhance customer experience. According to a MasterCard Safety and Security Survey conducted in 2015, 77 percent of consumers believe new technologies in the payments sector are having an overall positive impact on personal security. For instance, Big Data and Cognitive Analytics based fraud detection and prevention systems may be leveraged to analyze numerous aspects of transactions as compared to only limited aspects being analyzed with traditional fraud detection systems.

In this hyper-connected world where every device from the Smartphone, Smartwatches, Heart-rate monitors, Smartglasses etc. are connected to the internet, parameters such as Heart Beat, ECG etc. that are unique to an individual may be used for authentication by leveraging wearable devices and the Body Area Network (BAN) around a person thereby enhancing user experience while enhancing security. Voice based biometric authentication along with emotional analysis of the caller is another example. Besides authentication, the technology helps in analytics as it helps analyse caller’s state of mind. If the customer is happy, it is an indicator that there is an opportunity for cross selling. If the customer is angry or irritated, it helps to avoid sales pitches.

The need for CISO transformation has been picking up steam for some time now, but this wave of digital transformation has further necessitated CISO Transformation. Modern day CISOs are becoming established contributors to Executive Management and the Board of Directors’ meeting agendas. This is the perfect time for the CISOs to win the board, influence business strategy by changing their paradigm in order to facilitate secure digital transformation and leverage digital transformation to enhance security and user experience.

VIVEK SILLA, CO-FOUNDER, CISO LEADERSHIP

Vivek Silla is an experienced Cyber Security Governance, Risk Management, Compliance, Privacy and Financial Crime Prevention professional. He is the co-founder of CISO Leadership - an independent non-profit organization focused on addressing one of the most pressing gaps in information security, leadership skills.



INTERVIEW

DELIVERING UNCOMPROMISED SECURITY

With a mission to build trusted relationships with IT professionals by providing endless support and convenience, Dataguard MEA believes that their partner community is the driving factor for their success.

DEEPESH KUMAR, TECHNICAL HEAD, DATAGUARD MEA
ABDUL GAFOOR, SALES DIRECTOR, DATAGUARD MEA
RISHAN AHMED, CHANNEL HEAD, DATAGUARD MEA

How has the year been for Dataguard? What is the company’s mission as a Value-Added Distributor?

This year has been progressing well despite several challenges in IT industry. Our great move this year was our unified lab and support centre in India for GCC and African. Our mission is to build trusted relations with IT professionals by providing endless support and convenience.

Tell us in brief about your products and solutions.

We represent ourselves as data management and security experts working with service providers, IT resellers and SI’s. Our data management products include cloud and on premise solutions in backup, High Availability & disaster recovery and data archiving. Our security products include end point security and control, data leakage prevention, insider threat management, etc.

What is your go to market strategy? What does your partner ecosystem look like?

Led by Sales Director, Abdul Gafoor unifies go-to market teams, that support data management solutions and security services. “Proactive partnering with clients by offering dedicated resources and operational excellence is our key winning strategy”, said Abdul Gafoor. Bringing these strategic business units under one organization, overseen by Channel Head, Rishan Ahmed and managed by a team of proven Account managers, enables us to be more flexible and provide complete solution delivery to our partners. “Our investment in sales and marketing will further strengthen our ability to help channel partners and customers,” said Rishan Ahmed. Over the years, Dataguard’s partner community has been the driving factor for our success. Dedicated resellers and SI’s are key driving forces that amplify our growth. “Our technology vendors help us to extend digital footprints and an undeniable competitive edge,” said Deepesh Kumar, Technical Head, Dataguard MEA. Deepesh along with his team look after the technical enablement, implementation and maintenance.

How does Veriato employee monitoring software provide visibility into the online and communication activity of employees?

Veriato is a comprehensive user activity monitoring solution that enables companies to log, retain, review, and report on employee activity when there is cause to do so. Veriato creates a definitive record of an employee’s digital behavior, and in doing so provides organizations with the ability to see the context of user actions. Veriato protects IT assets, monitors highly privileged users, reduces litigation risk and expense, improves efficiency and productivity, and ensures compliance with company policies.

If you are at GITEX this year, what is your focus? How are you planning to align with the GITEX theme – ‘Experience Future Urbanism’?

Our focus at Gitex will be on Data Leakage prevention and employee monitoring & on cloud services to make technology available widely to startup, SME and enterprises in one go.

What is your roadmap for the year 2019?

2019 is going to be year of expansion. Accelerated growth in the region empowers us to invest in KSA and Africa. Also in 2019, we are launching fully automated multi-tier market place for our solutions to channel partners and customers.




INTERVIEW

MITIGATING RISKS FOR SMOOTH BUSINESS

With over 14 years of real world software development expertise, InfoWatch believes that they are committed to becoming a leading enterprise level IT solution provider in the market empowering their customers with a mixture of best in-class technologies and services.

KRISTINA TANTSYURA, MANAGING DIRECTOR - MIDDLE EAST, INFOWATCH

How has this year been for the company?

Over the past year, InfoWatch Gulf completed 14 pilot implementations of InfoWatch solutions for Middle Eastern government agencies and major businesses, including six projects in UAE, and won several large customers. In addition, InfoWatch Gulf has been actively expanding collaboration with local government agencies to strengthen regional cybersecurity. In 2018, InfoWatch signed a cooperation agreement with the Government of the Emirate of Ajman for new technology deployment at government bodies and joint development of educational programs to foster IT and cybersecurity professionals.

What are the various solutions you go to the market with? And how have they leveraged your position in the market?

InfoWatch offers a wide range of information security products for the government bodies, financial organizations, telecommunication and Enterprise companies. All products are customized to market requirements. Among the advantages: machine learning elements, the world’s best linguistic analysis, the combination of a few types of data analysis technologies applied to a single object, full support in Arabic language. Our clients have access to consulting services - from data classification and security policies development to technical training of users.


What does your partner ecosystem look like?

At the moment, the company has about 30 partners in the Middle East countries. Our partners can always choose a level of partnership and a relevant partnership program. A partner can simply be an agent or a reseller, or they can complete technology certification through distance training based on our specialist programs, from pre-sale to implementation. In addition, optionally, partners can send their specialists to take the in-depth trainings at the InfoWatch training center in Moscow.

In a sentence, define your organization’s prime mission and vision.

Currently we are at a whole new level of protecting and monitoring most essential corporate data of our clients and have proven ourselves as a robust and scalable solution provider capable of detecting and managing a broad spectrum of security and corporate reputation flaws. Our best-in-class security solutions help organizations maintain business workflow and operate in new, more efficient and innovative ways.

If you are participating in GITEX, what are you planning to showcase this year?

InfoWatch Group will show Middle East customers a new version of its InfoWatch Traffic Monitor solution designed to ensure enterprise information security in Microsoft Office 365 cloud. The new version can protect information flows at organizations that use Microsoft Office 365, and prevent enterprise data leaks in a cloud environment. InfoWatch Group’s booth will also feature the prototype of InfoWatch Prediction, a User and Entity Behavior Analytics (UEBA) solution that proactively identifies leaving employees, thus minimizing related cybersecurity risks.

What is your roadmap for the year 2019?

We look forward to deepening our cooperation with Egypt and Saudi Arabia. Now we have 6 pilot projects in large companies and government agencies of Egypt. In Saudi Arabia, we are currently negotiating with several partners to bring our products to this market and probably open a representative office in this country.




SANJEEV WALIA, FOUNDER & PRESIDENT, SPIRE SOLUTIONS



ALIGNING THE RIGHT FORCES

Spire Solutions is stepping out of traditional security perimeters and ushering in a new dawn of redefined distribution. A highly skilled resource team and technology convergences from niche vendors is putting the VAD in a competitive position to solve the myriad of security challenges and enable organizations to derive desired outcomes.

By: Anushree Dixit <anushree@gecmediagroup.com>

“HOIST YOUR SAIL WHEN THE WIND IS FAIR” ANCIENT PROVERB

It takes an astute mix of experience, expertise, and technology combined with a highly skilled resource team to shoulder the delivery of convenient or somewhat simplified security. Sanjeev Walia, Founder & President of Spire Solutions says that all aces are up their sleeves when it comes to redefining traditional distribution. As you read this piece, Spire Solutions is celebrating ten years of success in the region. Embracing proactive security measures and staying a step ahead of the threat lifecycle has been the driving force for the VAD in the decade. Today, when nefarious actors are playing their wicked foot forward in malicious activities, Sanjeev says that Spire, together with the vendors, is taking the right and best foot forward with a portfolio of niche offerings that do not create one problem while trying to solve the other.

2018—A QUICK FLASHBACK

“Undoubtedly, 2018 has so far been an exhilarating year for us. Thanks to the convergence of cutting-edge technologies recently added to Spire portfolio, large customer projects and new resources that joined our team,” says Sanjeev. “Furthermore, we have recently signed three years Partnership Agreement with Gartner which will help us, our customers and technology innovation leaders to make informed decisions and embrace proactive security measures with desired outcomes achieved. As we mark a decade in business, this year we are celebrating 10 years of success which is, certainly, a major milestone for Spire Solutions.”

The sign-up with Gartner is in line with the plans of Spire to scale up its presence in the region. The service agreement shall also allow Spire Solutions to tap into Gartner’s unparalleled expertise and bring global cybersecurity practices to the Middle East. “Our partnership with Gartner is a strategic initiative which allows us to promote best global information security practices and standards in the Middle East and, therefore, help numerous local organizations to solve myriad of challenges with data protection and effective risk mitigation. Spire Team collaborates with Gartner’s analysts that help provide insight on potential security threats early in the life cycle, technology heat map and top global technology trends, regional dynamics in cybersecurity and threat landscape, organizational vulnerabilities, challenges, priorities and a variety of other high-value insight,” adds Sanjeev.

SOME NICHE, SOME NOVEL

PPV— Pay per Vulnerability: Pay only if you detect a vulnerability

EmailAuth.io: First security product that is a ‘Profit Centre’

Human Firewall.io: ‘Human Information Security Preparedness’ Index - a quantifiable metric

GRABBING THE BULLIES BY THE COLLAR

Spire Solutions recently participated at the E-Crime Congress held in Abu Dhabi. Talking about the experience and the diverse customer interaction that they had during the event, Sanjeev says, “E-Crime Congress in Abu-Dhabi was a successful event for Spire Solutions and allowed us to showcase our solutions portfolio and meet new as well as existing Customers. Our keynote, strategic talks and technical break-out sessions covered critical aspects of information security and delivered valuable content to the audience of professionals tasked with safeguarding digital assets and sensitive data.”

Sanjeev asserts that today digitization has forced enterprises to put traditional defenses on the back seat. Today cyber attackers are walking way ahead of the curve and their tactics are getting more sophisticated. Traditional prevention-based security solutions are no longer seen as a reliable line of defense against today’s cyber attackers. Attackers are getting more sophisticated and breaches are continuing to happen at unprecedented rates. Together with its vendors, Spire is paving way for new security approaches to enable organizations to detect a threat that has walked past the antiviruses and traditional perimeters.

A STITCH IN TIME SAVES NINE

The chirpy bird once told the lazy crow, “Please repair your nest. The monsoon is soon approaching and the heavy winds could blow it away.” The lazy crow replied, “You must learn to enjoy life. I can get it done in a jiffy. After all, it is a small hole.”

Lack of proactive approach has been identified as one of the grave reasons for significant breaches that occurred, which could have been avoided. Spire Solutions goes by the code of ‘Best way of staying secure is to be one step ahead of the threat’ – a culture that is imbibed in all the solutions that they bring to the market. “We have seen that most of the organizations that have been successful in preventing or rapidly containing attacks have been proactive in their approach and used the judicious mix of technology and expertise. It is after all a cat and mouse game between the defenders and threat actors. So, when we choose our technology partners, we are cautious in seeing if they are ahead of the curve in that moment of time. That is a fairly good sign of what to expect from these technology partners. Combined with these technologies, our in-house expertise and we strive to keep our customers to be one step ahead,” says Sanjeev.

Security Scorecard: Evaluates the external security posture against 10 parameters

SECURING THE SIGNIFICANT ASSET

Humans— the weakest link in security; and E-mail— the most taken-for-granted asset. Many studies and reports have been produced lately on the grave impact that results from taking e-mail for granted. Significantly, on the other hand, it has been proven that humans play a critical role in opening up threat vectors to hackers. Spire Solutions portfolio has emphasized on this with 2 niche solutions— EmailAuth.io and Human Firewall.io.

“Indeed, both the products are exceptional. As we know, email is the largest attack vector. EmailAuth is an ‘EmailAuthentication as a Service’ platform that ensures no one can impersonate your domain or brand. It is the easiest uplift in cybersecurity posture overnight,” says Sanjeev. Email Authentication has been made mandatory in the US and UK by their respective governments. Many banking and financial regulators have made it mandatory as well. EmailAuth makes deploying DMARC a breeze, and we guarantee that the highest level of protection is achieved in record time. It is offered as a managed service. It operates at the DNS level and ensures that no one can send e-mail from you, except you. “It is the first security product that is a ‘Profit Centre’ because of the boost in deliverability it offers, and the superior ‘Visibility’ into your email traffic means you get total control over your most used digital asset – Email,” he adds.

Humans continue to be the weakest link in cybersecurity. This is among the most significant threats to any organization today. With HumanFirewall, they can be converted into a strong line of defense. “HumanFirewall makes “employee-powered” cybersecurity a reality by automating ‘individual’ based phishing simulation and gamifying cyber awareness training, to build ‘muscle memory’ against all sorts of cyber attacks, to ensure that attacks that bypass all technology layers, can finally be caught and remediated in record time. HF fortifies the Human Layer so humans protect where all technologies have failed. The HumanFirewall measures the HISP™ Index - ‘Human Information Security Preparedness’ Index - a quantifiable metric that measures your cybersecurity resilience, on an ongoing basis. Humans are the weakest link in Cyber Security. HumanFirewall transforms them into the most robust line of defense,” Sanjeev retorts.

Averaging 25% YOY growth for last 5 years. Service portfolio as of 2018: VA/PT, Attack, Simulation, Product Training

2019: Expansion of team, Region and Portfolio

OFFERING OUT-OF-THE-BOX

While traditional VADs have been putting efforts in mirroring vendor offerings and serving as their extensions, Spire Solutions claims that they are not only doing this but going a few steps beyond as well with the deep-driven expertise. PPV or Pay Per Vulnerability is one of the unique innovations that the VAD has brought to the marketplace. “The idea behind PPV was straightforward. The maturity of organizations varies. Some organizations have invested a lot of efforts in keeping their information assets secure. It is unfair for them to pay the same amount as the ones who haven’t invested as much. So our value proposition is simple- pay only if we find any vulnerability. If we don’t, you don’t pay us!!” says Sanjeev. With this, Spire has found a lot of resonance in the market and the number of organizations interested in this kind of service is steadily increasing.

Security Scorecard is yet another solution that Spire is bringing to the customers to address the current cumbersome, manual and not-too-scalable security perspectives. “The solution provides external (internet facing) security hygiene of any company…. quickly, continuously and nonintrusively. An external hacker’s initial view of the organization. Security Scorecard evaluates the external security posture against 10 parameters including network security, application security, patching cadence etc, and produces a detailed and overall grade score. An organization can now quickly prioritize which 3rd parties to work with. Apart from 3rd party vendor risk management, the other popular use cases include self-assessment and monitoring as well as benchmarking against industry peers.” The system distinguishes itself with its ease of use, collaborative interaction with 3rd parties and simple licensing.

FINALLY

Key focus markets: META with major Focus on GCC

Major sign-ups: Security Scorecard

8 Vendors

Spire’s single point agenda is to manage the challenge of scaling up considerably and at the same time retain the same level of agility, flexibility and value add that the stakeholders expect from them. As Sanjeev walked me out of the office, I casually asked him about Spire’s revenue or turnover goals for the upcoming years. He pressed the lift button for me and said, “Revenue is not a goal but a succession. If I am able to provide real value to my stakeholders, my customers, team members and technology partners then I know that I am on the right growth trajectory.”



INTERVIEW

EVOLVING. INNOVATING.


NATHAN CLEMENTS, MD, EXCLUSIVE NETWORKS

Tell us more about Exclusive Networks and your business models.

Exclusive Networks is a global trusted Cloud & Cyber Security Value Added Distributor, with headquarters in Europe. Exclusive Networks accelerates market entry and growth for innovative cybersecurity and cloud technologies. This makes us the go-to choice for vendors and reseller partners. Our business model of a single touch/multiple markets specialist distributor is unique. We combine specialist value-added technical and marketing support with the volume and reach of a global distributor. Reseller partners around the world rely upon us to boost their business opportunities and achieve new revenues from the changing technology landscape. Exclusive Networks continually challenges traditional distribution models, redefining value and creating differentiation.

What are you planning to showcase at GITEX this year?

Gitex is one of the most important platforms for us as we can showcase our Cloud and Cyber Security solutions to a massive audience across 5 days. The past 2 years have seen Exclusive Networks Middle East rapidly evolve and adapt so we can remain relevant to our vendors and our customer base. We have been very focused on adding new vendors and setting up a new, highly passionate and energetic team, to work towards the group’s growth objectives.


This year at Gitex we will be officially launching Exclusive Group’s first Cyber & Cloud super center. Our ideology revolves around conveying the message that we are a proven & specialized distributor not just in the Security realm but also Cloud. In the past few months, we have been training our partners on Cloud technologies, in addition to the usual Security workshops we host. We will also be launching our ‘Cloud Training Centre’ which enables us to deliver authorized and approved ‘Cloud’ training to technical and sales teams across the region. We have diversified & grown our portfolio, which will be a major highlight for this year’s show. There are around 15 vendors we are actively working with as of today. Some of our new relationships with vendors will be formally launched at Gitex 2018. Vendors with EXN – Nutanix, Rubrik, Fortinet, F5, SentinelOne, Gigamon, Gemalto, Infoblox, Skybox, Ivanti, FireEye, Exabeam, Cloudian, Pure Storage & Mellanox.

Tell us about your major partnerships, success stories

We are enjoying a period of sustained growth. It’s easy to say this growth has come from our existing vendors and also the addition of new vendors and services. But in parallel to this we have a strong and highly motivated team which has allowed us to consistently deliver good growth. We have worked hard and have been successful in making Exclusive Networks a place where people aspire to work, and once here all of our team are constantly trained and developed so they can be the best in their field. Our vendors and our channel partners appreciate and understand the value of our team, and enjoy working with them. And we’re never complacent, we live by the saying “if you do the same things, you get the same results”, so we meet regularly with our vendors and our partners and always look for ways to challenge ourselves so we are constantly improving and evolving.


INTERVIEW

PROVIDING DIVERSE SECURITY SERVICES

With a mission to transform and secure business through innovation, Cyberteq enables its customers to take full advantage of the latest digital technologies and networks in a secure manner.

How has the 2018 market been for Cyberteq? What were the major challenges that you faced?

This year was extremely important to us, mainly due to Cybersecurity. After two years of research, development and patent preparation, we introduced to the market a new cybersecurity solution called mUnit. The greatest challenge was the proper presentation of the solution. However, at GISEC in May 2018, we met with great enthusiasm for the solution and since then we have been gradually adapting the solution to the region’s customers.

MICHAL SUCHOCKI VP - SALES, CYBERTEQ

Tell us about Cyberteq. How long has the company been in the Middle East?

Cyberteq is an innovative Information and Communication Technology Consulting Company. In the era of digitalization, Cyberteq enables its customers to take full advantage of the latest digital technologies and networks in a secure manner. The company was founded in 1997 in Singapore. In 2009, we opened an office in Dubai to promote and provide services in the Middle East region, and we are already almost ten years old in the UAE. Our mission is to Transform and Secure Business through Innovation.


In the age of digitalization where data has the highest value, it is extremely important how we can protect our assets. How do Cyberteq’s Cyber Security services enable customers to effectively protect their business?

With full confidence, I can say that the answer is our new solution mUnit. With mUnit, any kind and size of organization can have an effective and, more importantly, continuous cybersecurity assurance. mUnit is the innovative and affordable solution for every kind of organization. With unique security knowledge, with software and hardware combination, mUnit brings the ultimate control of your company’s cybersecurity measures. mUnit provides assessment to identify and track vulnerabilities with related business impact. mUnit boosts your organization’s security by dynamic clearance of security gaps and adequate policies implementation. mUnit manages compliance to international security standards. With mUnit there are no more passive reports; it is pure action-oriented security measurements. It transforms post security execution to dynamic risk mitigation and implementation. mUnit will provide control of all cybersecurity risk linked to increased accountability.

With the rapid economic growth and increasing threat of cyber-crimes, many organizations in the Middle East countries recognised the need for an efficient cyber security system. How have your solutions supported the organizations?

Cybersecurity services should not be a luxury any more. By creating our solution, we wanted to make cybersecurity more affordable. We have a few types of subscription packages, which perfectly fit SMEs as well as big organisations. When it comes to efficiency, mUnit is a holistic cybersecurity solution. It is not only a vulnerability scanner; it is a powerful tool for risk mitigation, dynamic remediation and real time cybersecurity level presentation.

One of your solutions is RPA. How is it different from your competition?

Although RPA is quite well known in the US or Europe, it is a new service in the Middle East. Cyberteq is one of the first companies offering such a solution in this region. One of the main differences is the range of service offered – Cyberteq provides RPA business advisory, by process mapping and preparation to implementation and support. Another one is RPA software, which contains among other things legacy applications, multi-skill & multi-process bots, intelligent OCR, stealth mode (not terminal) and the most important Cognitive and Machine Learning functionalities.




GEC SECURITY SYMPOSIUM 2018


The inaugural edition of GEC Security Symposium and CISO Awards 2018, a brand-new presentation of Cyber Sentinels, truly explored what end-to-end security means in a digital enterprise. Held at the V Hotel, Dubai on 5th September, the symposium began with attendees being welcomed by Anushree Dixit, Editor of Cyber Sentinels. The event showcased the vision of the security experts through keynotes and demonstrations and also presented the CISO and security awards to the winners. The prominent CISO speakers were George Eapen, CISO of GE Global Regions, and Vivek Silla, Co-Founder of CISO platform. While Kalle Bjorn, Director Systems Engineering of Fortinet, spoke on the security fabric for next-gen business transformation, Mohammed Al Moneer, Regional Director MENA for A10 Networks, shed light on automating cyber defense and rethinking security in a smarter world. Vibin Shaju, Director of Pre-Sales Southern Europe & MET, McAfee, delivered an interesting talk on how Together is Power.

The Symposium also had an exciting Business Transformation Powered Panel discussion. Business Transformation is the newly launched magazine by GEC Media Group which reflects the change to futuristic business. As a true extension to our existing tech and channel portfolios, BT talks about the next-gen business enablers and provides an unparalleled platform for organizations that are breaking the ice ceiling and putting forward some realistic projects in transformation. The panel discussion was moderated by Arun Shankar, Editor of BT, and the key panellists were Adam El Adama, CISO of ADNOC Sour Gas, Saqib Chaudhry, CISO of Cleveland Clinic Abu Dhabi, Safdar Zaman, IT Director, Nakheel, Binoy Koonammavu, CEO of ValueMentor, Ali Sleiman, Technical Director of Infoblox and Tarek Kuzbari, Security Consultant. The audience witnessed a breakthrough discussion on security in transformation.

The audience was further engrossed when Col. Saeed Al Hajri, Director of Cybercrime Department, Dubai Police, delivered a speech on present security trends, their consequences and their prevention. The Symposium was indeed a grand success, and GEC Media would like to congratulate all the winners and thank all the sponsors. The Security Symposium has made its way to 2019 and shall soon see you all there.

CISO WINNERS

NAME | ORGANIZATION
Col. Saeed M. Al Hajri | Dubai Police
Shine Ibrahim | MAZ Investments
Saqib Chaudhry | Cleveland Clinic Abu Dhabi
Ahmed Alemadi | Dubai Municipality
Adam El Adama | ADNOC Sour Gas
Mansoor Ahmed Mughal | DFM
Mohamed Gamal Abdelmksoud | Al Zahra Private Hospital Dubai
Issam Zaghloul | Majid Al Futtaim Holding
Bittu Balakrishnan | Interserve International
Varun Vij | Serco
Yousuf Alblooshi | Global Aerospace Logistics
Amit Bhatia |
Emad ALmuaybid | SABIC
Illyas Kooliyankal | Abu Dhabi Islamic Bank
Hariprasad Chede | NBF
Kausar Mukeri | Invest Bank
Vivek Silla | Banque Saudi Fransi
Hussain AlKhalsan | Commercial Bank of Dubai
Arif Irfani | Sharjah Islamic Bank
Muhamed Noufel | Royal Continental Hotel Group
George Eapen | General Electric
Abubakar Arshad | TRA
Rehan Ikramullah Siddiki | VFS Tasheel International
Sunil Kumar Sharma | Aldar
Ankit Satsangi | Azizi Developments
Safdar Zaman | Nakheel PJSC
Irshad Mohammed | VPS Healthcare
Dr. Mohammad Khaled | Government
Hasan Isam Naser Muhi | Kuwait Finance House Bahrain
Basil Al-Suwaidan | Kuwait International Bank (KIB)
Abdullah Al-Omari | Etihad Etisalat Co. - Mobily
Aliasgar Bohari | Zulekha Hospitals
Mohammed Shakeel Ahmed | Abu Dhabi Aviation
Hend Salem AlShamsi | Municipality & Planning Department of Ajman
Bharat Gautam | DAMAC Group
Shailesh Mani | Flemingo International

CYBER SENTINELS SECURITY AWARDS

VENDOR: SAI Global | HID Global
SI: DTS Solutions
RESELLER: ISYX | Cosmos UAE

36 WINNERS

ATTENDEES
75 CISOs/Information Security Heads/CIOs
25 Solutions Providers




INTERVIEW

VALUE TO YOU

Valto strides hand-in-hand with organizations to attain the heights of their vision by analyzing, assessing and applying necessary answers to the posed questions in order for the companies to achieve maximum productivity.

What does your partner ecosystem look like?

We have been adding at least one good channel partner every month for the last two quarters and are aiming to have a minimum of 10 more partnerships with dedicated partners before the end of the year.

In a sentence, define your organization’s prime mission and vision.

VALTO – “VALue TO You”: that’s our promise to our customers, employees and investors.

If you are participating in GITEX, what are you planning to showcase this year?

We might participate with our partners this year. We may showcase Content Management Solutions and VDI Solutions.

VINAYAN P, CEO, VALTO TECHNOLOGIES

How has this year been for the company?

This year has been very good. We are marching towards 150% Revenue and Profitability Growth.

What are the various solutions you go to the market with? And how have they leveraged your position in the market?

• Capture, Workflow and Content Management Solutions, Digitization Services.
• Virtualization and IT Infrastructure Solutions.
• Cyber Security Solutions.
• Mobile and Software Applications development.

The customers have accepted the solutions we propose as they find extremely good value for money. We have been able to sign up Medium and Large reputed clientele, both Government and Private organizations.

What is your roadmap for the year 2019?

We will be adding one or a maximum of two more product lines. Digital platforms, IoT and Data Science are our specific areas of interest where we will be focusing in the coming year, other than specific areas of other enterprise applications aimed to ease SME customer growth. We plan to multiply our customer engagements and double the sales numbers in 2019, and are making a firm program to achieve the growth with a sustainable business model. We are actively considering adding more Value to our customers by entering into Physical Records/Information Management so as to provide end-to-end Content/Information Management Services, for which the need is increasing day by day in UAE and GCC due to the latest VAT implementation.


CONTINUOUS APPROACH FOR CONTINUED SECURITY

With all these connected devices and hackers being smarter, CISOs are not promising any perfect prevention method. When people realise that perfect prevention is next to impossible in the present scenario, continuous response becomes the reality of enterprises.

BY: C V ARYA DEVI
PHOTO: SHUTTERSTOCK

Technology is transforming and so is business. That is one of the main reasons we had to come up with a magazine focused solely on ‘Business Transformation’. As businesses transform due to the digital revolution, approaches to security risk management also need to change. That is the point put forth by Gartner when it introduced the Continuous Adaptive Risk and Trust Assessment, nicknamed CARTA. CARTA came into being in 2017, and the hype started when Gartner introduced this strategic approach to information security.


ADAPT TO LIVE

It is said that Alaskan wood frogs freeze their bodies solid to survive the winter. They stop breathing and their hearts stop beating, which lets them survive temperatures as low as -80 degrees Fahrenheit. Adapt to live is an unwritten law of nature, and the same now holds in information technology security. CARTA is an adaptive security architecture which promotes an approach of continuous adaptation to a changing security landscape rather than seeking to either block or allow specific interactions. In the digital world of modern business, some interactions must be allowed even when security is uncertain. With this approach, businesses have moved on from thinking in binaries. It is high time to realize that an ‘allow or block’ policy won’t work. With a CARTA mindset, enterprises will have to make decisions based on risk and trust.

ADAPT, ADAPT, ADAPT: that is the key word in this approach. There is no other option. Adapt in all ways, whether in terms of decisions, security or risk and trust.

“Compromised accounts are today’s leading cause of data breach. In this age of access, trying to build policy that keeps data secure, without stopping user productivity, requires a massive security rethink. Risk-based access improves security and user experience,” said Kamel Heus, Regional Manager - MEA, Centrify. “Risk-based access uses machine learning to define and enforce access policies, based on user behavior. Through a combination of analytics, machine learning, user profiles, and policy enforcement, access decisions can be made in real time to streamline low-risk access, step up authentication requirements when risk is higher, or block access entirely. Risk-based access control increases security by blocking high-risk access attempts from attackers, minimizes the hassles of MFA, and simplifies legitimate user access, with policy based on user behaviour profiles,” he added.

CISO SPEAK
MAHMOUD YASSIN, HEAD OF INFRASTRUCTURE AND SECURITY OPERATION, UNITED ARAB BANK

CARTA approach, Security business decisions and security responses are made based on risk and trust and continuously adapt to the context and learnings gained from each interaction. The block/allow binary-style assessments made in the non-CARTA approach are thought to be more dangerous over time, because they expose the organization to zero-day attacks, insider threats, credential theft, and targeted attacks. When trust and risk is dynamic rather than static, it is assessed continuously and managed with fine-grained “measures of confidence” that have varying risk and response attributes. There are three phases of IT Security where CARTA plays a role: Run, Plan and Build. In the Run phase, organizations use analytics to focus only on the biggest threats and automate the majority of the incidents. In the Build phase, CARTA plays a role in DevSecOps, as teams identify threats and eliminate them from apps they are building and use things like a digital risk rating service to analyze open source components they may want to use. In the Plan phase, CARTA invites organizations to use analytics to determine the risks of things such as having employees change passwords frequently versus the productivity impact and decide how much risk to accept.

RUN/PLAN/BUILD

Gartner says that CARTA can be applied in three phases: Run/Plan/Build. The Run phase, also called active deployment, is where CARTA allows enterprises to use limited resources to focus on the biggest threats. Here CARTA lets the organization use analytics to focus only on the biggest threats and automate the majority of the incidents.

With increasing hacking attacks, DevSecOps is a popular term we are hearing now. DevSecOps aims to embed security in every part of the development process. It is about automating core security tasks by embedding security controls and processes early in the DevOps workflow rather than bolting them on at the end. CARTA plays a role in DevSecOps in the Build phase. Here teams identify threats and eliminate them from the apps they are building, and use things like a digital risk rating service to analyze open source components they may want to use.

Then comes the Plan phase, where CARTA invites organizations to use analytics to determine the risks of things such as having employees change passwords frequently versus the productivity impact, and decide how much risk to accept.
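The risk-based access decision described above (streamline low-risk access, step up authentication when risk is higher, or block entirely, with the assessment adapting after each interaction) can be sketched as follows. This is an added example, not code from Centrify, Gartner or the magazine; the signal names, weights, thresholds and sample attempts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"      # low risk: streamlined access, no extra prompt
    STEP_UP = "step_up"  # higher risk: require an additional factor (MFA)
    BLOCK = "block"      # high risk: deny the attempt


@dataclass
class Profile:
    """Behaviour profile built from a user's earlier successful logins."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    usual_hours: range = range(7, 20)  # local hours normally seen


@dataclass
class Attempt:
    user: str
    device_id: str
    country: str
    hour: int                     # local hour of the attempt, 0-23
    failed_logins_last_hour: int
    sensitivity: int              # 1 = low, 2 = internal, 3 = critical


# Assumed weights and thresholds; a real deployment would derive them from data.
WEIGHTS = {"no_profile": 40, "new_device": 30, "new_country": 35,
           "odd_hour": 10, "failed_login": 5, "sensitivity_step": 10}
STEP_UP_AT, BLOCK_AT = 30, 70


def risk_score(attempt, profile):
    """Return (score 0-100, reasons) for one access attempt."""
    score, reasons = 0, []
    if profile is None:
        # No behaviour history: never allowed silently, not blocked outright.
        score += WEIGHTS["no_profile"]
        reasons.append("no_profile")
    else:
        if attempt.device_id not in profile.devices:
            score += WEIGHTS["new_device"]
            reasons.append("new_device")
        if attempt.country not in profile.countries:
            score += WEIGHTS["new_country"]
            reasons.append("new_country")
        if attempt.hour not in profile.usual_hours:
            score += WEIGHTS["odd_hour"]
            reasons.append("odd_hour")
    failed = min(attempt.failed_logins_last_hour, 5)  # cap the contribution
    if failed:
        score += failed * WEIGHTS["failed_login"]
        reasons.append("failed_logins")
    # More sensitive resources start from a higher baseline.
    score += (attempt.sensitivity - 1) * WEIGHTS["sensitivity_step"]
    return min(score, 100), reasons


def decide(attempt, profile):
    """Map the score to one of three outcomes instead of a binary allow/block."""
    score, reasons = risk_score(attempt, profile)
    if score >= BLOCK_AT:
        decision = Decision.BLOCK
    elif score >= STEP_UP_AT:
        decision = Decision.STEP_UP
    else:
        decision = Decision.ALLOW
    return decision, score, reasons


def record_success(profile, attempt):
    """Adapt the profile after an allowed or successfully stepped-up login."""
    profile.devices.add(attempt.device_id)
    profile.countries.add(attempt.country)


if __name__ == "__main__":
    # Constructed sample data.
    alice = Profile(devices={"laptop-01"}, countries={"AE"})
    attempts = [
        Attempt("alice", "laptop-01", "AE", 10, 0, 2),
        Attempt("alice", "phone-77", "AE", 22, 0, 2),
        Attempt("alice", "pc-x", "ZZ", 3, 4, 3),
    ]
    for a in attempts:
        decision, score, reasons = decide(a, alice)
        print(a.device_id, decision.value, score, reasons)
```

Calling `record_success` only after an allowed or verified login is what makes the assessment continuous: the same new device that triggered a step-up once scores lower the next time.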

REAP THE BENEFIT

The CARTA approach is said to bring down many of the firewalls in businesses. This effect comes when software developers work with security teams to incorporate multiple security testing points into DevOps, the trend known as DevSecOps. The security team is expected to identify the threats that face an organization and eliminate them before the applications are released, as security will be in applications from the early development stage. The “need for speed” is one of the major demands in the present market, and with this approach development teams will balance the need for security with the need for speed.

As an assessment approach to security, CARTA relies on analytics of data. Machine learning and anomaly detection can help organizations identify the threats that bypass their prevention systems after the effective deployment of technologies. They will also aid faster detection of, and automated response to, security risks. And guess what the outcome is? Something we all want: less money and time being spent by enterprises on responding to security breaches.



CISO SPEAK

FIX. TRANSFORM. GROW


ABUBAKAR ARSHAD, HEAD OF INFORMATION SECURITY AT BATELCO

Tell us about the year 2018. What changes/evolution did it bring to your thinking or mindset as a CISO?

2018 has been a very significant year for me as a Security practitioner, where on one hand I have been fortunate to work as an advisor to the Telecom Regulatory Body and formulate a cyber-security strategy for the Telecom Sector that can help drive the security of the critical telecom infrastructure in the Kingdom of Bahrain. On the other hand, I have recently taken over the role of Head of Information Security in Batelco; this role will help me put in place practices and execute security initiatives to secure the National Telecom Operator. In terms of the mindset, I think I have been able to better align the technology development with the strategic direction of the sector (in my previous role) and the organization (in my current role).

You have recently joined Batelco as the security head. What are your plans and priorities in this position?

I intend to lead with goals of “Fix, Transform and Grow”. It is important to ensure that essential security governance practices are embedded in the business processes of the organization. This would be followed by absolute business alignment of security where security can truly be used as a differentiator and subsequently create value for the organization and business. We need to then transform the security through a build versus buy approach in order to develop an optimized security model. This approach is also intended to identify critical job functions and underlying resource requirements that we need to build as an organization in order to meet the challenges of the future. Optimizing the security model also includes a Green Security initiative in order to reduce the carbon footprint of the organization.

What important role is played by telecom in securing the critical national grids and how competent is Batelco in the same?

Telecommunications continues to play a vital role in the digital ecosystem of the country. The reliability and security of services offered by Telecommunications infrastructure is the key driver for digital growth of the country. I am fortunate to work with an extremely competent team here in Batelco that is capable of meeting the technology security objectives of the organization and by extension, that of the country.

In brief, which technology of 2018 attracted you the most? Have you planned to implement the same in your organization?

The answer would be blockchain obviously, due to its enormous potential and applicability to all sorts of areas and not just the financial industry. I am quite fascinated by the application of blockchain in the area of security. The endeavor is to develop a security engineering division that develops blockchain and AI based security solutions to answer some of the most pressing needs of the organization in an effective manner.

In contrast, which technology of 2018 did you find futile/non-relevant for the present and why?

It will come across as a bit of a surprise but the areas of blockchain that present a challenge with regards to application security standards and wider use of this technology, makes the adoption of Blockchain a bit of a challenge for now. This is something we have throughout 2018. However, I expect this to be addressed by late 2019 or early 2020.




SPECIAL STORY

DIGITAL WORKPLACES, VANISHING PERIMETER

Effective use of BYOD is a meaningful differentiator as well as a competitive advantage for today’s organizations. But what are its consequences to the business world?



BY: DIVSHA BHAT <divsha@gecmediagroup.com>
PHOTO: SHUTTERSTOCK

In a recent discussion, a friend said – “Our IT department keeps lecturing us on the BYOD policies.” So, Mr. X, and all those people who think their IT department lectures them: imagine you wake up one morning to a pop-up on your device – “Pay us 10 million dollars or we shall sell your information in the black market. We guarantee that we shall restore your services once we receive the payment, else delete all your data.” Hard to imagine? Trust me, this can happen! Generally, every active device brings new challenges to the security ecosystem.

In July 2017, the personal information of about 30,000 customers of the South Korean cryptocurrency exchange Bithumb was exposed when a Bithumb employee’s home computer was hacked. Customers say they have been targeted by voice phishing attacks, in which attackers call victims by phone posing as Bithumb executives and try to leverage the data they already have to gain access to victims’ accounts.

In June 2018, Google fixed a location privacy leak in two of its products. The authentication weakness uncovered by a security researcher could leak location information of users of Google Home and Chromecast. The researcher said that the attack works by asking the device for a list of nearby wireless networks and then sending the list to Google’s geolocation lookup. Besides leaking the user’s location, the bug can also be used for phishing and extortion attacks.

These are reminders that BYOD policies are not only for smartphones or tablets. Although BYOD is not a new concept, adding wearables and IoT to the BYOD policies of organizations is an example of changing technology. As if enterprise IT departments didn’t already have BYOD challenges to worry about, there’s a new player in town – Wearables! How are wearables and IoT impacting BYOD?



“Security must be built into the network infrastructure and act as a fabric that integrates network, access, device, and user security,” - RABIH ITANI, REGIONAL BUSINESS DEVELOPMENT MANAGER – SECURITY MIDDLE EAST & TURKEY AT ARUBA, A HPE COMPANY

WEARABLES… THE NEXT BYOD CHALLENGE

Modern businesses are full of connected devices that are often found to have privacy issues, thereby attracting hackers. This could be anything from printers to a connected coffee machine to smartwatches. As per the report by Mordor Intelligence, the global smart wearable market was valued at USD 8.312 billion in 2017 and is expected to reach USD 35.36 billion by 2023. New concepts such as fitness gadgets, smartphones, and connected objects like vehicles and appliances have the potential to further influence and change the Bring Your Own Device trend by diversifying it and making it more complex. BYOD can surely add value to a business but can also pose a risk if not carefully managed.

Wearables and IoT have opened a gateway to new security challenges, adding more pressure on IT professionals to step up their game, believes Amir Kanaan, Managing Director for Middle East, Turkey and Africa, Kaspersky Lab. “The modern workforce demands the ability to work with corporate data anywhere they want, on a variety of devices. Laptops, wearables, and smartphones being used outside of the company perimeter have to be protected just like those behind firewalls and under the network protection solutions in the office. IT departments in organizations need to tighten control of software and apps, web and e-mail, as well as protection from malware and loss/theft using modern methods,” he says.

“With IoT and wearables, one of the biggest immediate problems still is that a lot of these devices were built without any thought spent on IT security,” - GERHARD GIESE, AKAMAI SECURITY SOLUTIONS ENGINEERING MANAGER

WAYS TO OVERCOME THE CHALLENGE

Employees and businesses do not need to sacrifice the benefits of wearables, BYOD and IoT due to the potential risks. If an organization is willing to allow wearables to become a part of BYOD, it simply needs to apply the same strategies to them as it does to the rest of its mobile devices. Gerhard Giese, Akamai Security Solutions Engineering Manager, says, “BYOD requires a rethink of security boundaries. While in the past we were generally considering in front and behind the firewalls, we now have to divide not by location but utilising the need to know principle. This requires to only allow access to services only if these are actually granted as even access to the log on page already bears a risk.”

Driven by the demands of enterprise mobility, BYOD, cloud and IoT, Aruba saw the need for a different design approach to connecting and securing networks. “Aruba is now changing the paradigm with the Aruba 360 Secure Fabric, an enterprise security framework that gives security and IT teams an integrated way to gain back visibility and control. It allows you to detect gestating attacks with machine-learned intelligence, and proactively respond to these advanced cyberattacks across any infrastructure – with the enterprise scale to protect millions of users and devices and secure vast amounts of distributed data,” said Rabih Itani, Regional Business Development Manager – Security Middle East & Turkey at Aruba, a HPE company.

Also, when it comes to wearables and IoT, the IT department should guard the networks more than the devices. The networks should be monitored for any unusual activity. Considering a few of the following options would be best –

• Either allow employees with the most secure wearables to use their device or purchase secure wearables for them
• Design a BYOD policy to help mitigate risks
• Invest in Mobile Data Management Solutions

LOOKING INTO THE FUTURE

BYOD has undoubtedly become a part of today’s enterprise world. It has enabled employees to improve their services by giving them a convenient way to work. In the near future, employee BYOD use is expected to become more complicated. According to predictions, BYOA (Bring Your Own Apps), BYOC (Bring Your Own Cloud) and BYON (Bring Your Own Network) will be the potential hurdles for companies.


THREAT DECODED

CRYPTOCURRENCY SECURITY

WHAT IS CRYPTOCURRENCY SECURITY?

Cryptocurrency became popular in the market in 2009. A decentralized system that operates with no servers and in which participants are allowed to make transactions seemed like a good idea. Its security became a concern at that point. Cryptocurrency security deals with attempts to obtain digital currencies by illegal means, through phishing, scamming or hacking, and with the measures that prevent unauthorized cryptocurrency transactions and protect storage technologies.

LAYERS OF CRYPTOCURRENCY SECURITY

Cryptocurrency security basically deals with 3 layers. If there is an issue with the first layer, the coin's protocol, the entire system will be compromised regardless of how secure the second and third layers are.

• Protocol: If the protocol is flawed, the system will be exploited, putting the network at risk. Having the coins in your possession will hence put you at risk regardless of the wallet or exchange. There are two types of currencies, those being coins and ICO-issued tokens.
• Exchanges: Various exchanges have unique code and infrastructure security which is separate from blockchain. Exchange is hence similar to a decentralized data center or cloud service. This results in exchange being more vulnerable to hacking than a decentralized service built on blockchain.
• Wallet: In wallet, there are two options: hot wallet (website-based wallet or account on an exchange) or cold wallet (hardware, software or even paper). When using a hot wallet, coins and tokens are under the control of whoever provides you with the wallet and not the user.

CRYPTOCURRENCY SECURITY IN NEWS

August, 2018: Atlas Quantum, a cryptocurrency investment platform, revealed a security incident that exposed the personal details of about 261,000 users. The company said that it learned of a security incident and that it is both investigating the incident and working with the proper authorities, though the disclosure provided few details about the event. The compromised information includes names, phone numbers, email addresses and account balances of Atlas Quantum users.

January, 2018: One of Japan’s largest cryptocurrency exchanges has revealed that it has lost nearly $400 million in a security breach. Coincheck says that it has restricted deposits and withdrawals for a cryptocurrency called NEM, and Bloomberg reports that 500 million NEM tokens have been sent from the company “illicitly,” and that it’s not sure how. The company has since suspended most trading and withdrawals, and is working to trace where the missing digital currency ended up. In a Tweet, the exchange said that it was considering compensating those who lost money.

December, 2017: Hackers made off with nearly $70 million from NiceHash, a major cryptocurrency-mining service. The Slovenia-based company announced the security breach on its Facebook page and stopped operations for 24 hours. The NiceHash hack is the 4th largest breach in cryptocurrency history.



GUEST ARTICLE

CLOUD COMPUTING TOPS LIST OF EMERGING RISKS

As the use of cloud computing spreads to support digital business efforts, risk executives are wary of emerging cloud-based data management risks.

Cloud computing is growing in popularity and has become a solution for issues that have plagued organizations and overtaxed IT departments for years. In fact, the number of cloud managed service providers is predicted to triple by 2020. While executives are keen to expand into cloud services and make them an integral part of their digital business initiatives, there are concerns. Specifically, risk executives are eyeing the emerging risks around the chances of unauthorized access to sensitive or restricted information — or the possibility that the cloud provider won’t be able to provide access to information as a result of disruption in their own operations. Extreme financial and reputational damage has yet to occur as a result of cloud computing failures, but the possibility worries risk executives nevertheless. Despite the advantages, cloud computing comes with an added vulnerability if data is stored incorrectly or if the provider’s own security is compromised. To mitigate these risks, executives will need to guarantee that their cloud security strategy keeps up with the pace of this growth. Recent regulatory changes, such as GDPR, and growing scrutiny at the board level about cybersecurity mean the risks associated with what has become a standard business practice are on the rise.

MATTHEW SHINKMAN, GARTNER PRACTICE LEADER

CLOUD RISKS ARE AN EMERGING CONCERN

Every quarter, Gartner surveys senior risk executives at leading organizations to identify the top risks to their company that are new and unforeseen and whose potential for harm or loss is not yet fully known or has yet to rise to an area of significant concern. If a risk appears in four consecutive quarters, it is no longer considered ‘emerging’ and so is removed from the risk list. In the latest Emerging Risks Report and Monitor, the majority of risk executives reported being most concerned about the probability and impact of potential data risks associated with cloud computing.

To properly vet whether cloud computing presents a risk and better inform security decisions, risk executives should be especially alert to the following key risk indicators:

• Rising proportion of data stored in the cloud
• Changes in product offerings or contract terms from cloud provider(s)
• Growing percentage of non-cloud provider third parties with access to data in the cloud
• Unauthorized employee usage of cloud services

The latest report, which surveyed 110 global executives, also found the following emerging risk events to be of the greatest concern to senior risk executives:

1. Cybersecurity disclosure. The guidelines for disclosing cyber breaches will soon become more clearly enforced. With organizations compelled to release breach information much more quickly than in the past, it could lead to a greater negative impact on the enterprise.
2. General Data Protection Regulation (GDPR). The possibility of a specific compliance breach has become more of a risk since the regulation’s May 2018 enforcement deadline, as significant fines can now be imposed.
3. AI/robotics skill gaps. Due to the highly technical and specific skill set required for artificial intelligence and robotics, companies may lack the right capabilities to effectively capitalize on the opportunities associated with these technological advances and could become less competitive as a result.
4. Global economic slowdown. The risk that a slowdown in the global economy tied to negative or near-zero percent interest rates will negatively impact firm growth.



Cyber Sentinels October 2018  

Aligning the right forces
