ISSUE 42 | OCTOBER 2019
WWW.TAHAWULTECH.COM
DATA IS POWER VERITAS TECHNOLOGIES’ JOHNNY KARAM ON WHY ANALYTICS IS KEY TO UNLOCKING THE TRUE VALUE OF DATA
WINNERS REVEALED: FUTURE SECURITY AWARDS 2019
SECURING SMART BUILDINGS IN THE IOT ERA
HOW VENDOR ALLIANCES CAN STRENGTHEN CYBER DEFENCES INTERVIEW: PALADION’S AMIT ROY
GITEX 2019: KEY PLAYERS TO WATCH
Want to find out more about a new approach to managing your data? Come and talk to us at GITEX 2019, Stand #E20, Hall 7, DWTC, Dubai, UAE
CONTENTS
34 36
14
DATA IS POWER
40
Veritas’ Johnny Karam on how enterprises can harness the value of data
6
GITEX 2019
What to expect from some of the security players at GITEX Technology Week
A DIGITAL 31 BUILDING FORTRESS
Securing smart buildings in the IoT era
18 FUTURE SECURITY AWARDS
42
THE COST OF A DATA BREACH
28 BETTER TOGETHER
48
GARTNER INSIGHTS
Security Advisor ME and TahawulTech.com celebrate leadership and innovation How vendor alliances can strengthen cyber defences
How heavier penalties on cyber incidents are pushing enterprises to get security right Why enterprises need to embrace gender diversity in security roles
EDITORIAL
BIRD’S-EYE VIEW Talk to us: E-mail: adelle.geronimo@ cpimediagroup.com
Adelle Geronimo Editor
Cyber-attacks are inevitable. Today’s enterprises are realising that it is no longer a question of “if” a breach happens but “when.” As security threats continue to grow in complexity and volume, visibility is becoming crucial now more than ever. After all, you can’t protect what you can’t see. According to a report by Cisco, a hacker could remain undetected within networks for an average of 100 to 200 days. While some advanced, specially targeted threats can go undetected up to several years. Threat actors are increasingly becoming more creative in how they penetrate networks and growing number of endpoints within organisations can make it even more cumbersome for security teams to spot vulnerabilities. That’s why it’s so important for organisations to understand how they can leverage their data to gain deep insights and achieve strong visibility into their systems. By gaining better visibility across their whole infrastructure, businesses can get a better view of what assets are most critical and are vulnerable to attacks. By
seeing more, organisations can understand their environments better, adapt to the current threat landscape, fine-tune defences and ultimately make better decisions when protecting their data. These sentiments were echoed by Veritas’ regional vice president – Emerging Market, Johnny Karam who is featured on the cover of this month’s issue. Karam shared three key pillars that the organisation leverages to enable enterprises translate their data into valuable insights that will help them enhance their security strategies. Check out page 14 to read the full article. On a separate note, the most-awaited event in the regional technology industry is here once again. As with every year, GITEX Technology Week promises to showcase the latest developments and innovations in the IT space. This year, the theme of the show will focus on how advanced technologies and the new generation will reshape the digital world. I, for one, am keen on finding out how security players will play a key role in this inevitable future. Looking forward to having insightful conversations with technology leaders at the show!
“BY SEEING MORE, ORGANISATIONS CAN UNDERSTAND THEIR ENVIRONMENTS BETTER AND ADAPT TO THE CURRENT THREAT LANDSCAPE.”
Published by FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015)
Publishing Director Natasha Pendleton natasha.pendleton@cpimediagroup.com +971 4 440 9139 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9130 Senior Sales Manager Sabita Miranda sabita.miranda@cpimediagroup.com +971 4 440 9128 Business Development Manager Youssef Hariz youssef.hariz@cpimediagroup.com +971 4 440 9111
EDITORIAL Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135
DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 440 9140
Contributing Editors Daniel Bardsley Mark Forker Giorgia Guantario Sharon Saldanha
Designer Mhar Delaben marlou.delaben@cpimediagroup.com +971 4 440 9156 PRODUCTION Operations Manager Cherylann D’Abreo cherylann.dabreo@cpimediagroup.com +971 4 440 9107
DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh
Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE
Photographer Charls Thomas Maksym Poriechkin
Tel: +971 4 440 9100 Fax: +971 4 447 2409
webmaster@cpimediagroup.com +971 4 440 9100
Printed by Al Ghurair Printing and Publishing © Copyright 2019 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
GITEX 2019
GITEX 2019: SECURITY PLAYERS TO WATCH OUT FOR IN AN INCREASINGLY DIGITISED WORLD IT IS BECOMING APPARENT THAT THE FUTURE IS FAR CLOSER THAN WE MAY HAVE PREVIOUSLY THOUGHT. AS PEOPLE BECOME MORE CONNECTED AND CITIES GROW TO BE SMARTER, SECURITY IS NOW MORE IMPORTANT THAN EVER TO ENSURE SUCCESS IN THE DIGITAL FUTURE. AT THE 39TH GITEX TECHNOLOGY WEEK, TECH PLAYERS WILL BE SHOWCASING THE LATEST INNOVATIONS IN ARTIFICIAL INTELLIGENCE, BLOCKCHAIN, VIRTUAL REALITY, AND, OF COURSE, IT SECURITY. HERE ARE SOME OF THE TOP PLAYERS WHO WILL BE PRESENT AT THE SHOW: 6
OCTOBER 2019
www.tahawultech.com
A10 NETWORKS Visit them at: Sheikh Rashid Hall, SR–J10
protected, reliable, and always available. Our company’s AI-driven application and network security solutions offer customers 5G security, DDoS protection and multi-cloud application visibility, analytics and automation.”
BITDEFENDER Visit them at: Sheikh Rashid Hall, SR-E2
WHAT TO EXPECT: A10 Networks will demonstrate its entire portfolio of solutions including service provider network security for 5G, automated multi-cloud app delivery and security, app visibility and analytics, Distributed Denialof-Service (DDoS) with Zero-day Automated Protection, Carrier-Grade Networking and IPv6 Migration. During the event, executives from A10 Networks will run a series of presentations delivered on the booth daily, with the intention of helping to educate CIOs and IT managers about technology issues important from a regional standpoint including SSL traffic decryption, multi-cloud automation, 5G security and DDoS protection. SECURING THE FUTURE Mohammed Al-Moneer, regional vice president of Sales, A10 Networks, said, “We believe the future of cyber security for 5G and multi-cloud rests on ‘Intelligent Automation’ coupled with machine learning, ensuring that business-critical applications are
www.tahawultech.com
THE NEED FOR ROBUST SECURITY SOLUTIONS Tarek Kuzbari, regional director for Middle East, Bitdefender, said, “Given the region’s appetite for technology and innovation, governments and enterprises across the Middle East are increasingly turning to cloud environments and IoT applications to transform their operations and achieve growth. Traditional security solutions fall short in these scenarios as most IoT applications cannot be secured via an anti-malware solution. The best IoT security strategy is to focus on network threat detection, as the network is the common ground for all IoT devices.”
CENTRIFY Visit them at: Sheikh Rashid Hall, SR-J2 (StarLink stand) WHAT TO EXPECT: The company will highlight how Bitdefender Network Traffic Security Analytics (NTSA) utilises network traffic to provide an effective threat and breach detection solution, improving the security posture of IoT infrastructures. Bitdefender will also showcase how its GravityZone can offer organisations an endto-end breach avoidance platform across endpoint, network and cloud, enabling them to protect both IoT and IT infrastructures by yielding complete visibility on security-relevant events across both environments, and providing the tools to respond proactively, before an attacker can establish a presence in the infrastructure.
WHAT TO EXPECT: Centrify will be talking about its new radically different approach to security – Zero Trust Privilege. The company will focus on the educational side on how to implement a zero-trust approach to security and minimise the surface attack. It will also launch its new partner
OCTOBER 2019
7
GITEX 2019
programme, PEAK, where partners can benefit from great opportunities with Centrify for years to come. IMPORTANCE OF GITEX Andy Heather, general manager – EMEA, Centrify, said, “Our presence at the show is important for a variety of reasons. First, it’s a great venue to reinforce our great partnership with Starlink, and we’ll be exhibiting in their booth at the event. Second, we can continue to raise awareness for Zero Trust Privilege, which we feel is the best approach for any organisation to reduce risk associated with privileged access abuse, which is involved in 80 percent of data breaches. Finally, we can communicate key learnings from our customers at the event to help other organisations get a better picture of the security threatscape. It’s an exciting event that never disappoints to reveal new learnings and best practices.”
can deliver broad, integrated, and automated protection across an organisation’s entire digital attack surface from IoT to the edge, network core and multi-clouds. REGIONAL TRENDS Alain Penel, regional vice president for Middle East, Fortinet, said, “In addition to the cloud, we have seen a remarkable increase in AI adoption in the region. 5G continues to gather momentum as service providers gear up to roll out services and supporting infrastructure. In keeping with these developments, security solutions have also evolved to keep up with the changes in technology and an ever-increasing threat landscape. It is an exciting time as Fortinet solutions protect the entire end-to-end infrastructure without compromising network performance.”
JUNIPER NETWORKS FORTINET
Visit them at: Hall 6, C1
Visit them at: Sheikh Rashid Hall, SR-B10
to automate operations and offers innovative location-based services to its customers. TRENDS RE-SHAPING THE SECURITY SPACE Yarob Sakhnini, vice president, Emerging Market, EMEA, Juniper Networks, said, “AI is certainly one of the trends that’s re-shaping the cybersecurity industry. Wireless is the most strategic place to start as we adopt AI for IT. Many companies are already increasingly going wireless first, meaning Wi-Fi is the entry point into the network for virtually everyone and everything. And whether it’s a person accessing an application or an IoT device communicating with other devices, connectivity is not enough to declare success. User experience is the new uptime and it cannot rely solely on manual intervention. By integrating Mist’s cloud-management and advanced AI engine into the balance of Juniper’s enterprise portfolio, we are setting ourselves up to play a very strong role in the transition to the software-defined enterprise.”
MIMECAST Visit them at: Concourse 2, CC2-5
WHAT TO EXPECT: Fortinet will highlight the importance of securing edge networks and showcase its Secure SD- WAN, SD-Branch, OT and Cloud Security solutions at GITEX this year. The company will demonstrate how the Fortinet Security Fabric
8
OCTOBER 2019
WHAT TO EXPECT: At this year’s GITEX, Juniper will showcase its wide array of products, such as the Contrail Enterprise Multicloud platform, which provides policy orchestration and advanced analytics to customers. The company will also showcase the Mist Wireless LAN product (Mist is a Juniper Networks Company since acquisition earlier this year), which leverages AI
WHAT TO EXPECT: Mimecast will showcase its
www.tahawultech.com
expanded cyber resilience platform, which combines email and web security with awareness training for employees. GITEX attracts visitors from across the GCC and the world and is a prime opportunity for Mimecast to demonstrate it services and highlight its cyber resilience brand promise to a diverse audience. ENABLING SECURITY TRANSFORMATION Jeff Ogden, general manager, Middle East and India, Mimecast, said, “Organisations need to be prepared for the day when an attack does get through and have a clear plan to keep operating effectively. Digital transformation should empower top-line growth and build better experiences for customers. It is, therefore, vital that these new initiatives are protected from cyberattack or accidental downtime or else risk long-lasting brand damage.”
NOZOMI NETWORKS Visit them at: Sheikh Rashid Hall, SR-C10
WHAT TO EXPECT: Nozomi networks will showcase its real-time industrial control system (ICS) and Operational Technology
www.tahawultech.com
(OT) network visibility products and demonstrate how they can be integrated into existing platforms, such as Fortinet’s Network Access Control (FortiNAC). As IT and operational networks become more interconnected across the UAE and elsewhere, the attack surface for cyber threats has also expanded. Nozomi Networks arms enterprises with proactive tools, delivering OT visibility, threat detection and insight within a single solution to hundreds of thousands of critical infrastructure, energy, manufacturing, mining, transportation and other industrial devices worldwide. Nozomi Networks will use its participation at GITEX Technology Week to educate customers on the shifting threat landscape as organisations embrace the benefits of the Industrial Internet of Things (IIoT). THE YEAR OF ICS CYBERSECURITY Marcus Josefsson, director – Middle East, Africa and Russia, Nozomi Networks, said, “Cybersecurity challenges are expanding as ICS boundaries become broader, interwoven and interdependent, exchanging information with myriad other systems and processes. As industrial cybersecurity becomes a budgeted line-item for the mainstream market across the Middle East, we are experiencing phenomenal customer, partner and market growth. 2019 is the year for ICS cyber security,”
PROOFPOINT Visit them at: Sheikh Rashid Hall, SR-F2
WHAT TO EXPECT: Proofpoint will be demonstrating its People-Centric Security approach at GITEX this year, which includes targeted attack protection as well as real-time cybersecurity awareness training so that organisations can better protect themselves from an ever-evolving threat landscape. The company aims to educate users about cybersecurity best practices and empower them to understand how to protect their data, making them a strong last line of defense against cyber-attackers. IMPORTANCE OF GITEX Emile Abou Saleh, regional director, Middle East and Africa for Proofpoint, said, “GITEX is the most anticipated technology event in the region. We are thrilled to participate as it is a fantastic opportunity to meet partners, customers and industry professionals over the course of a few days. Our goal at this year’s GITEX will be to showcase how threat actors are increasingly targeting people, instead of infrastructure, and how the move to the cloud is changing protection needs. We aim to use GITEX as a platform to highlight how vital it is for organisations in the Middle East to recognise the human factor threat.”
OCTOBER 2019
9
GITEX 2019
RING Visit them at: Zabeel Hall, Z3-C12
WHAT TO EXPECT: Ring will highlight how it can provide the ideal home security solution that is affordable, proactive, easy to install, and comprehensive. It will showcase its latest suite of smart home security products, including the Ring Stick Up Cams, Ring’s first cameras meant for both indoor and outdoor use. The company will also showcase Ring Doorbells and Cams, which are all Wi-Fi enabled and equipped with HD video, motionactivated alerts, two-way talk, and night vision. It will also launch its fifth video doorbell, Ring Door View Cam, which is perfect for apartments, flats, townhouses and rentals in the Middle East. FUTURE-PROOF OFFERINGS Mohammad Meraj Hoda, vice president of business development – Middle East and Africa, Ring, said, “We are constantly innovating both our existing products and creating new ones to address various home security challenges. Ring Alarm Systems and Smart Lights are the latest addition to our ecosystem that will further strengthen our home security offering, those products will be available for Middle East market in the near future as well.”
10
OCTOBER 2019
SONICWALL Visit them at: Sheikh Rashid Hall, SR-B20
WHAT TO EXPECT: SonicWall will debut a special solution launch at this year’s GITEX. The company will also showcase its integrated cybersecurity platform designed to help SMBs and mid to large enterprises defend against today’s sophisticated and rapidly growing cybersecurity threats. It will highlight its networking and security solutions including NGFW, Next Generation Endpoint, Secure SD-WAN, RTDMI, Secure WIFI, Security-as-a-Service, Cloud Application Security (CAS), WAN Acceleration, Web Application Firewall, Security Analytics, Email Security and Secure Remote Access. ENABLING THE CHANNEL Mohamed Abdallah, regional director, Middle East and Turkey, SonicWall, said, “SonicWall has a very strong channel programme called ‘Secure First’. The programme is very popular with our partners as they stand to benefit immensely from its incentive and support structure. Moreover, with our end-toend security platform, our partners are motivated to sell to customers. Last year, we witnessed a number of partners meeting their targets and earning their promotion to the next level.”
SOPHOS Visit them at: Sheikh Rashid Hall, SR-D10
WHAT TO EXPECT: Sophos will showcase its latest cybersecurity innovations at GITEX Technology Week 2019. The company will demonstrate how its cloud security and EDR solutions can help organisations of all sizes battle emerging threat landscape. ENABLING REGIONAL SECURITY TRANSFORMATION Harish Chib, vice president, Middle East and Africa, Sophos, said, “Rapid digitisation in the countries, such as UAE, Saudi Arabia, Kuwait, Oman, and Jordan, has given rise to many connected devices. However, this connectivity has increased the vulnerabilities that today’s enterprising cybercriminals have enthusiastically embraced. They use a range of connected techniques in their malware attacks: a phishing email leads to an initial foot in the door, followed by a malware infection through exploitation of a known or unknown defect, then an escalation of privileges or a lateral movement across the network to spread the infection across different devices. A single compromised device can mean
www.tahawultech.com
www.nordencommunication.com
Hybrid High Density Patch Panel Cassette Type For Pre-terminated
Copper & Fibre Solutions
Pre-terminated Solutions Norden introduce Hybrid High Density Patch Panel which can accommodate copper & fibre termination in a single panel. Norden Pre-terminated Hybrid patch panels are ideal solutions for data centres and applications where speed of installation is important. Data centre managers can make changes on the fly based on rapid network growth and migration, business decisions, or shiing requirements. 1U High Density Blank Panel can accommodate 4 nos of fibre or copper cassettes with different types of adaptor.
Cassette Types · 24 Port LC to MPO/MTP Cassette (SM & MM) · 12 Port SC to MPO/MTP Cassette (SM & MM) · 6 Port Unshielded Copper Cassette (Cat 5e/6/6A) · 6 Port Shielded Copper Cassette (Cat 5e/6/6A) · 24 Port LC type Fibre Cassette (SM & MM) · 12 Port SC type Fibre Cassette (SM & MM)
Norden Communication UK Ltd
Unit 13, Baker Close, Oakwood Business Park Clacton-on-Sea, Essex, CO15 4BD, United Kingdom Tel: +44 [0] 1255 474063, E-mail: support@norden.co.uk
GITEX 2019
your network and connectivity are held hostage or used for malicious intent. Essentially, they exploit our IT connectivity to achieve their malicious ends. Regional organisations have realised that traditional security solutions are no longer enough to keep them ahead of today’s complex threats. They are now moving towards cybersecurity system that can cover all connected points whether they are endpoints, servers or networks.
STARLINK Visit them at: Sheikh Rashid Hall, SR-J1
management, risk and compliance, and infrastructure security. SPOTLIGHT ON COLLABORATION Nidal Othman, co-founder and managing director, StarLink, said, “Over the past decade, StarLink has pioneered various innovative initiatives to empower and facilitate its stakeholders to grow and expand their global footprint. Once again, we look forward to join forces and collaborate at this unique platform and strengthen our commitment to support enterprises in the region build a robust cyber and cloud infrastructure strategy to optimise their business operations without compromising user experience.”
THREATQUOTIENT Visit them at: Sheikh Rashid Hall, SR-J1 (StarLink stand)
WHAT TO EXPECT: StarLink will highlight its comprehensive solutions portfolio together with its vendor expert teams. It will will host 18 strategic vendors, namely Acronis, BlackBerry/Cylance, Centrify, Citrix, Cofense, Forescout, FireEye, Infoblox, LinkShadow, LogRhythm, Nexthink, Palo Alto Networks, Riverbed, ThreatQuotient, Pure Storage, Trend Micro, Tripwire and SecureLink with focus on data protection, software-defined data centre, identity and access
12
OCTOBER 2019
WHAT TO EXPECT: ThreatQuotient will make its GITEX debut this year. At GITEX, ThreatQuotient will educate customers and partners on why large and small threat intelligence teams would benefit by using ThreatQ to apply customer-defined scoring of intelligence, quickly
deploy threat data to existing sensor grids, and cornerstone workflows to focus on time to detect (TTD) and time to respond (TTR). TRENDS RE-SHAPING THE SECURITY SPACE Anthony Perridge, VP of International at ThreatQuotient, said, “Big data has been the focal point of data intelligence and data-driven culture, influencing many new developments and technologies. Companies have reaslised that data can do a lot for us, but raw data is only the result of observation, and without analysis it can’t have predictive powers. That’s where we come in. One of the biggest takeaways of cyber threat intelligence we will see is the change of security approach from reactive to proactive. It brings proactive defense against any threats that emerge outside your landscape before they even hit you. But it can only do that if it’s relevant, punctual and actionable – and more organisations, of all sizes, are beginning to understand this.”
GITEX Technology Week will be held from 6th - 10th October 2019 at the Dubai World trade Centre
www.tahawultech.com
Specialized Cyber Security & IT Distribution in META Region We cover all top 20 Critical Security Controls
emt.ae emtMETA.com
FEATURE
“VISIBILITY IS A VITAL ELEMENT FOR ENABLING ANY COMPANY TO MANAGE, CONTROL, PROTECT AND GAIN VALUE FROM THEIR DATA.”
14
OCTOBER 2019
www.tahawultech.com
DATA IS POWER JOHNNY KARAM, REGIONAL VICE PRESIDENT – EMERGING REGION, VERITAS TECHNOLOGIES, REVEALS THREE KEY PILLARS THAT CAN ENABLE CUSTOMERS TRANSLATE DATA INTO VALUABLE INSIGHTS.
T
oday’s business landscape is in the midst of a data explosion. The advent of the Internet of Things (IoT) technologies and advancements in trends such as artificial intelligence (AI) have prompted the rising number of endpoints, which produce immense volumes of data. In fact, a study by research and analyst firm Gartner estimates that 25 billion connected devices will be in use by 2021. Subsequently, a separate study by the International Data Corporation (IDC), predicted that this influx in endpoints will mean that “by 2020 the digital
www.tahawultech.com
universe – the data we create and copy annually – will reach 44 zettabytes or 44 trillion gigabytes.” Data has become a key input for driving growth. It gives businesses the potential to differentiate themselves, make strategic decisions and maintain a competitive edge. However, many companies are still struggling to make sense of their data and create value out of them. “Organisations today, especially those in major industry sectors such as finance, government and healthcare, have unstructured data growing at a phenomenal speed,” explains Johnny Karam, regional vice president for Emerging Region at global enterprise data protection firm Veritas Technologies.
Citing a study conducted by Veritas, Karam underlines that data is growing at a “faster pace than previously thought” creating both risks and opportunities for enterprises. “Only 19 percent of data is ‘clean’ or business-critical, while the rest are redundant, obsolete, trivial or dark, which means organisations have no clue what it is,” he adds. Understanding what data means is key to translating them into strategic insights, to do this, organisations need to first know where their data resides. With the right visibility, they can find and leverage whatever data is critical to them to build a competitive advantage. “Visibility is a vital element for enabling any company to manage, control, protect and gain value from
OCTOBER 2019
15
FEATURE
their data,” says Karam. “You cannot fly a plane without radars. So, you cannot harness the power of data for your business without proper visibility.” Modern enterprises are increasingly recognising not only the need to turn data into strategic insights, but to make that information more accessible, understandable, and relevant for all end-users within the business. Today’s data-driven economy is pushing businesses, no matter the shape or size, to manage their data growth and properly tap into it. According to Karam, Veritas has a unique approach in supporting its customers to achieve high visibility on their data. This strategy is focused on three key pillars – Availability, Protection and Insights (API). “Let’s begin with ‘Insights’,” says Karam. “Organisations need to determine where their data sits, to fully understand how they can gain insights from it – whether they’re stored onpremises, on virtual environments, or even in the cloud. “By doing this, they’ll be able to identify what data is mission-critical, put on long-term retention and what can be deleted,” he adds. In March, Veritas acquired APTARE Inc., a provider of analytics solutions for hybrid cloud environments, an acquisition that falls under the ‘Insights’ pillar of the firm’s API strategy. The acquisition, according to Veritas, strengthens its reporting and analytics portfolio. In a statement released by the company earlier this year, CEO Greg Hughes stated that the acquisition is focused on “making it simpler for customers to access critical information about their infrastructure and providing them with a one-stop-
16
OCTOBER 2019
shop for all reporting requirements— on-premises, in any cloud and across their technology ecosystem.” APTARE’s IT Analytics platform pulls information from storage area network arrays, network file systems, virtual machines, and all data protection applications to give organisations a complete picture of what’s happening with their data across multiple environments. “By doing so, organisations can gain insights into their complete infrastructure to make more informed decisions,” says Karam. “They’d be able to identify which departments within the company are the biggest consumers of IT, anticipate the needs of each business
“ORGANISATIONS NEED TO DETERMINE WHERE THEIR DATA SITS, TO FULLY UNDERSTAND HOW THEY CAN GAIN INSIGHTS FROM IT – WHETHER THEY’RE STORED ON-PREMISES, ON VIRTUAL ENVIRONMENTS, OR EVEN IN THE CLOUD.” unit and based on those insights optimise their storage infrastructure. Ultimately, this will also allow them to make solid and sound decisions on their IT investments.” The next key pillar is ‘Protection.’ With stricter privacy laws coming into effect, organisations globally are under immense pressure to better protect and manage their data—no matter where it resides. “Visibility or insights play a key role in this pillar as well,” says Karam. “Simply put, you cannot protect what you cannot see. “Once our customers understand their data, they’ll be able to identify
which assets are extremely sensitive and critical for the business, which will enable them to apply the necessary compliance tools and integrate the right protection tools,” he explains. Finally, ‘Availability,’ Karam explains that this element is what the firm seeks to address through its Veritas Enterprise Data Services Platform, a unified set of technologies designed to abstract the complexity of enterprise IT. “Digital enterprises often optimise multiple applications that leverage the organisation’s data,” he explains. “Our Enterprise Data Services Platform
www.tahawultech.com
ensures that mission-critical services are highly available, minimising downtime regardless of which environments the applications and data are stored.” The days of ‘data for data’s sake’ are over. Karam highlights the Veritas’ API approach is aimed at giving enterprises the power to maximise the value of their data. “We are focused on enabling them to attain total control over their most critical business asset – their data. In doing so, they can accelerate their operational efficiencies, drive down costs and increase profitability across the board.
www.tahawultech.com
“We are dedicated to developing innovations that simplify data protection and management, and ensure that data is always available and working for the future of business,” adds Karam. GITEX 2019 At this year’s GITEX Technology Week, Veritas Technologies will showcase its data management and protection offerings such as the new Enterprise Data Services Platform and its integrated APTARE IT Analytics offerings. It will also unveil the latest findings of the third Databerg Report. The company will also feature the V-Bar,
which offers customers and prospects the opportunity to meet with one of Veritas’ many subject matter experts to learn about new ways to manage data complexity. V-Bar visitors can gain in-depth information on the Enterprise Data Services Platform’s three pillars – Availability, Protection and Insights. A global team of Veritas experts along with experienced local team members will attend GITEX 2019 and address specialised sessions. Veritas will be at the Dubai World Trade Centre, hall 7, stand E20 from 6th to 10th October during GITEX Technology Week.
OCTOBER 2019
17
FUTURE SECURITY AWARDS 2019
CELEBRATING SECURITY INNOVATION AND LEADERSHIP SECURITY ADVISOR ME AND TAHAWULTECH.COM HOSTED THE FOURTH ANNUAL FUTURE SECURITY AWARDS AT A GALA CEREMONY AT JUMEIRAH EMIRATES TOWERS. 18
OCTOBER 2019
www.tahawultech.com
S
ecurity Advisor ME and TahawulTech. com Future Security Awards celebrated and recognised accomplishments in the regional IT security landscape. On 10th September 2019, the Future Security Awards kicked off at the Jumeirah Emirates Towers in Dubai and recognised individuals and organisations who have shown
www.tahawultech.com
dedication and leadership in building the foundation of a digital future with security innovation. The 2019 edition of Future Security Awards was attended by 200 industry stalwarts, and honoured 23 organisations and IT security leaders. Future Security Awards received over 150 nominations from both end-user and vendor categories. As businesses across the globe fast-track their digital transformation strategies, IT leaders are striving to enable their organisations securely
leverage the latest technologies to stay ahead of competition. Without a doubt, technology is reshaping businesses in numerous ways. And, increasingly, organisations that are embarking on their digital transformation journey are recognising that security is vital to the future success of this journey. TahawulTech.com and Security Advisor Middle East congratulate this year’s winners and applaud them for setting the bar high for security’s role in the digital era.
OCTOBER 2019
19
FUTURE SECURITY AWARDS 2019
20
TOP CISO/CSO OF THE YEAR KHALFAN MATAR ALHASSANI, ABU DHABI MONITORING & CONTROL CENTRE
MOST OUTSTANDING SECURITY TEAM ABU DHABI PORTS
BEST AI SECURITY PROJECT OF THE YEAR DUBAI POLICE
BEST IT SECURITY PROJECT OF THE YEAR DIFC
OCTOBER 2019
www.tahawultech.com
BEST AI SECURITY INNOVATOR HIKVISION
BEST ANTI-DDOS VENDOR CLOUDFLARE
BEST CLOUD SECURITY VENDOR MANAGEENGINE
BEST CYBERSECURITY DISTRIBUTOR WESTCON-COMSTOR
www.tahawultech.com
OCTOBER 2019
21
FUTURE SECURITY AWARDS 2019
22
BEST CYBERSECURITY TRAINING PROVIDER CERTNEXUS
BEST DISASTER RECOVERY SOLUTIONS PROVIDER MIMECAST
BEST ENDPOINT SECURITY VENDOR CROWDSTRIKE
BEST INTERNET OF THINGS SECURITY VENDOR FORTINET
OCTOBER 2019
www.tahawultech.com
BEST MANAGED DETECTION AND RESPONSE SERVICE PROVIDER SECURITY MATTERZ
BEST MANAGED SECURITY SERVICES PROVIDER HELP AG
BEST NETWORK SECURITY VENDOR CORELIGHT
BEST SECURITY AUTOMATION SOLUTIONS PROVIDER RAQMIYAT
www.tahawultech.com
OCTOBER 2019
23
FUTURE SECURITY AWARDS 2019
24
BEST SECURITY VAD BULWARK TECHNOLOGIES
BEST DIGITALISATION & CYBERSECURITY PROVIDER TÃœV RHEINLAND
BEST SMART HOME SECURITY VENDOR D-LINK
BEST UNIFIED THREAT MANAGEMENT VENDOR SOPHOS
OCTOBER 2019
www.tahawultech.com
INNOVATIVE SECURITY PRODUCT OF THE YEAR VNS TECHNOLOGY
SECURITY TRANSFORMATION CATALYST AWARD EMT DISTRIBUTION
AI-DRIVEN MANAGED DETECTION AND RESPONSE SERVICE PROVIDER PALADION NETWORKS www.tahawultech.com
OCTOBER 2019
25
26
OCTOBER 2019
www.tahawultech.com
YOUR DATA IS YOUR BUSINESS MAKE SURE YOUR COMPANY IS SAFE FROM DATA BREACHES OR LEAKS. EMPLOY OUR POWERFUL AND EASY TO DEPLOY SECURITY SOLUTIONS.
WWW.ESET.COM/ME (+971) 04 3754052
MORE THAN 110 M USERS AND 400K BUSINESS CUSTOMERS IN 200+ COUNTRIES AND TERRITORIES PLACE THEIR TRUST IN ESET SECURITY SOLUTIONS
FEATURE
BETTER TOGETHER SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS WHY ALLIANCES AND INTEROPERABILITY BETWEEN SECURITY VENDORS ARE VITAL IN KEEPING ORGANISATIONS CYBER RESILIENT AMID A GROWING THREAT LANDSCAPE.
28
OCTOBER 2019
www.tahawultech.com
A
s the threats from malign cyber actors continue to grow, so does the complexity of the efforts to protect from these attackers. Indeed, some companies use cybersecurity products from – literally – scores of vendors, adding extra names to the list as new threats emerge. This increased complexity brings with it complications, because the myriad products defending a network often do not communicate with one another, making it more difficult to monitor and deal with threats. “[Non-interoperability] creates a massive amount of workload for the security administrators,” says Professor David Chadwick, a professor of information systems security in the School of Computing at the University of Kent in the United Kingdom. According to Ken Elefant, a managing director at Sorenson Ventures, a venture capital firm based in Silicon Valley, United States, that invests in growing cybersecurity firms, most enterprises would prefer to be able to buy all of their cybersecurity products from one vendor. “Enterprises today are being inundated with [products from] dozens of companies and they’re not fully integrated with their legacy systems,” he says. “But it’s been continually getting more and more difficult for companies to focus
on just a few major vendors because they don’t have the coverage for these new attack vectors, so enterprises need to buy from forward-looking startups.” Indeed Elefant has spoken to chief information security officers (CISOs) who are dealing with products from as many as 80 vendors. Other cybersecurity experts too have identified similar issues. “With the tremendous growth and constant innovation of cybersecurity, with customers introducing their technologies, the complexity is growing exponentially over time,” says John Trauth, the cofounder and CEO of Bricata, a network security solutions company based in Columbia in the United States. “With the advent of so many cybersecurity companies out there, and customers constantly striving to leverage best of breed, integration definitely becomes an issue.” As might be expected, problems of integration increase with the size of the company; smaller businesses, with their less complex networks, are often able to minimise the issues that they face. “I would say the small and mediumsized guys have a tendency to avoid integration by [using] MSSPs [managed security service providers] or adopting multi-function domains like nextgeneration firewalls,” says Trauth. But for larger customers, it is an important, and growing, concern. In this climate, a recent announcement by Mimecast, which provides cloud-based email security
Ken Elefant, Sorenson Ventures
“ENTERPRISES TODAY ARE BEING INUNDATED WITH [PRODUCTS FROM] DOZENS OF COMPANIES AND THEY’RE NOT FULLY INTEGRATED WITH THEIR LEGACY SYSTEMS.” www.tahawultech.com
services, is all the more interesting. The company recently launched its Cyber Alliance Programme, which aims to bring diverse vendors into what Mimecast describes as “an extensive cyber-resilience ecosystem”. Based around interoperability and data sharing, the programme looks to integrate products from different sellers “for the greater good of the customer”. In a statement released at the time of the launch, Christina Van Houten, Mimecast’s chief strategy officer, noted that administrators may face challenges processing and responding to alerts while managing “a variety of disparate security solutions”. “Automation through interaction with Mimecast APIs [application programming interfaces] helps streamline and simplify these efforts as they bolster cyber resilience,” Van Houten said in the statement. Mimecast’s initiative to promote interoperability is not the first of its kind, as some other vendors have similar programmes. A notable example is the Cyber Threat Alliance (CTA), described as a research collaboration between, among others, Fortinet, Symantec, Palo Alto Networks and McAfee. Developed into a non-profit organisation, the CTA looks to tackle issues of “isolated knowledge”. Open APIs of the kind that form part of Mimecast’s strategy for its Cyber Alliance Programme do, of course, form a key part of wider efforts to promote interoperability. “More and more programmes are providing APIs to support interoperability, where process A will have an API and process B can communicate with that API to pass information to process A or to do something,” says Sam Pumphrey, head of digital security at Cambridge Consultants in the United Kingdom. “What you can do is pretty much endless conceptually; it’s just entirely
OCTOBER 2019
29
FEATURE
down to how that API has been designed. “There’s even a trend now towards ‘microservices’ – breaking things down to almost individual function level. Rather than one large server or service, you have hundreds of small functions that each do one thing and they can be easily reconfigured and reused. “Each function exposes an API and they can call each other. You can end up with quite powerful results and it can improve code maintainability, extensibility and interoperability. It’s an architectural design pattern that’s becoming more common.” However, Pumphrey says that, when interfaces are being designed, there is often a tendency to re-design and not to look for existing open APIs and standards. “The ideal scenario in the future is that everything is open standards – there are well-defined standards so that integration becomes straight forward. I don’t think at the moment it’s straight forward,” he says. It is a view echoed by Chadwick, who notes that, with new products being developed all the time, common standards have to follow on from the development of new technologies, rather than vice versa. “If you go back 30 years to when open email was invented, different companies produced email in different systems, so you couldn’t transfer between the
John Trauth, Bricata
“WITH THE ADVENT OF SO MANY CYBERSECURITY COMPANIES OUT THERE, AND CUSTOMERS CONSTANTLY STRIVING TO LEVERAGE BEST OF BREED, INTEGRATION DEFINITELY BECOMES AN ISSUE.” systems,” says Chadwick, who is himself involved in developing standards for verifiable credentials that use open APIs. “You cannot create standards for a product that doesn’t exist, so people develop products and they store the data in forms that seem sensible to them. “When other people create products, you start to see the commonality and you start to standardise them. The standards usually lag behind.” Trying to develop standards before products are developed can lead to “a mess”, says Chadwick, because it can be unclear if those standards will work. While a lag in standards undoubtedly partly explains the fact that cybersecurity products often do not communicate effectively with one another, vendor reluctance is also, according to industry experts, an issue. “Sometimes the big platform guys will not be as open to integration because they’re trying to grab as much market
Sam Pumphrey, Cambridge Consultants
“THE IDEAL SCENARIO IN THE FUTURE IS THAT EVERYTHING IS OPEN STANDARDS – THERE ARE WELL-DEFINED STANDARDS SO THAT INTEGRATION BECOMES STRAIGHT FORWARD. I DON’T THINK AT THE MOMENT IT’S STRAIGHT FORWARD.” 30
OCTOBER 2019
share as they can,” says Bricata’s Trauth. Elefant at Sorenson Ventures echoes this view, saying that large vendors are typically reluctant to invite other large vendors into their programmes because they view them as competitors. “That’s the key blocking point. Security companies need to work with other security companies and integrate, regardless of whether they’re a competitor or not,” he says. But what can be done to encourage the security companies to do this? Elefant suggests that customers can be part of the answer. Major customers, he says, should use their leverage to push suppliers to integrate their products with those of rivals. As Elefant puts it, customers “should demand tight integration from their key vendors or they should move away”. As an example, he suggests that if a large bank was to demand from one supplier that it integrated its products with those of another supplier, “that would create a very tight ecosystem”. Elefant names McAfee and Symantec as theoretical examples of two companies that could make efforts to integrate their respective products, because the two firms compete heavily when it comes to endpoint security. “The most sophisticated chief security officers are demanding and should be demanding more in this respect. That’s the only way that interoperability is going to change,” he says.
www.tahawultech.com
FEATURE
BUILDING A DIGITAL FORTRESS SMART BUILDINGS OPTIMISE ADVANCED TECHNOLOGIES SUCH AS IOT-ENABLED DEVICES, SENSORS AND THE CLOUD TO EFFECTIVELY MONITOR, CONTROL AND ENHANCE THE PERFORMANCE OF BUILDING SYSTEMS. HOWEVER, THE ELEMENTS THAT MAKE A BUILDING “SMART” ARE ALSO WHAT MAKES IT VULNERABLE TO CYBER-ATTACKS.
F
ew areas of technology capture the public’s imagination more than smart buildings, which are being developed in ever-greater numbers. Indeed, market research suggests that the global market for smart buildings is growing by more than 30 per cent a year. Worth around $7 billion (Dh25.7 billion) in 2014, the market worldwide is forecast to be valued at as much as $36 billion (Dh132.2 billion) next year. Investments are being made in smart systems that deal with everything from energy to escalators, from security to parking management. This enthusiasm for smart buildings is not difficult to understand. Not only are
www.tahawultech.com
they much more responsive to the needs of building users, helping to improve productivity and comfort, but they are, of course, also much more efficient, creating energy savings that translate into financial and environmental benefits. As Juan Manuel Harán from the cybersecurity company ESET notes in a recent briefing document, the likes of security cameras, water management, ambient temperature and lighting can be controlled through Building Automation Systems (BAS). These systems manage Internet of Things (IoT) devices that, equipped with sensors, can carry out monitoring, forecasting, analysis and diagnosis linked to the variables they control. Professor Tarek Hassan, professor of construction informatics at
OCTOBER 2019
31
FEATURE
Loughborough University in the United Kingdom, notes that smart buildings may give users a visualisation of how their interaction with the building affects that building’s performance. “And then there’s IoT. If this is linked with other aspects of the user interface, like their smart TV, smart phone, coffee machine, it can be integrated so that user can, for example, see on their phone their energy usage,” he says. “They can even control the heating and switch it up before they come home when they’re at work.” There are many other academics interested in smart buildings. Among them is Professor John Fitzgerald, head of the School of Computing at Newcastle University in the United Kingdom, who says that smart buildings should be thought of as being “much more than just concrete or digital artefacts”. “They are cyber-physical systems formed from many interacting elements, including people, computing, network and physical elements. It’s the interaction that’s critical,” he says. As an example, he notes how the ability to move people around a building swiftly depends on power, lighting, signage and access control. “It’s a mistake to think of any of these elements in isolation: failures in any of them can affect the others, and hence the emergent
quality of life and safety of a building’s occupants and neighbours,” he says. Newcastle University is particularly active in research into smart buildings, not least thanks to its £58 million (Dh265.7 million) Urban Sciences Building, which is equipped with 4,000 sensors, the data from which can be accessed in real time.
John Fitzgerald, Newcastle University
“SMART BUILDINGS SHOULD BE THOUGHT OF AS BEING MUCH MORE THAN JUST CONCRETE OR DIGITAL ARTEFACT. THEY ARE CYBER-PHYSICAL SYSTEMS FORMED FROM MANY INTERACTING ELEMENTS, INCLUDING PEOPLE, COMPUTING, NETWORK AND PHYSICAL ELEMENTS. IT’S THE INTERACTION THAT’S CRITICAL.” 32
OCTOBER 2019
Fitzgerald helped to lead the development of the 2017 building. While smart buildings undoubtedly offer myriad benefits, from improved quality of life for occupants to cost savings for owners and tenants, they also face cybersecurity vulnerabilities. One of Fitzgerald’s colleagues at Newcastle University, Dr Charles Morisset, a senior lecturer in security, notes that a key vulnerability comes from the openness of smart systems. They are designed to allow the integration of new devices, but this increases the attack surface. “There is no longer a simple wire between the switch and the lightbulb,” he says. Basic and advanced controls are done over TCP/IP (transmission control protocol/internet protocol) networks such as BACnet, a building automation and control communications protocol, making it easier, Morisset says, for an attacker to intercept and modify messages.
www.tahawultech.com
John Mace, Newcastle University
“WHERE SECURITY IS IN PLACE, SYSTEMS DO NOT INTER-COMMUNICATE AND THE CYBER AND PHYSICAL SECURITY OF THOSE SYSTEMS ARE TREATED AS SEPARATE CONCERNS.”
“Another key vulnerability is the usual lack of ownership and governance of smart infrastructure within an organisation,” he says. To explain this, Morisset notes that IT systems usually belong to a different branch or division to infrastructure systems, so the impact of different decisions is not clearly visible, and can mean that there is no comprehensive strategy. The Royal Academy of Engineering in the United Kingdom makes a similar point in a smart buildings briefing document. “If building management systems (BMS) operated by the facilities team are connected to corporate systems operated by the corporate IT team, there needs to be clarity about who takes responsibility for protecting the security of the BMS,” the document states. Morisset warns of the risk of direct impacts on critical heating, ventilation and air conditioning systems, such as those controlling server rooms or
www.tahawultech.com
temperature-sensitive material. “Imagine an attack on the temperature control of a criminal evidence room: this could, for instance, destroy DNA evidence,” he says. There is also the potential for privacy violations, with a study from a decade ago showing that simple, non-interactive environment sensors can track occupancy. It may even be possible to monitor the personal hygiene of individuals. “More recent work showed that we can detect who does not wash their hands in the bathroom and that we can track user movement,” says Morisset. “Although occupancy data can be very useful to monitor and improve wellbeing, the lack of strong security might open this data to hackers.” Such privacy issues are also highlighted by Hassan at Loughborough University, who says that sensors will collect “so much data about the users and the building”. “No one knows who will have the data, who will use the data. Privacy and cybersecurity are primary issues that are often overlooked,” he says. Vulnerabilities also come from legacy systems not having had updates. For example, six years ago security researchers were able to hack the BMS at Google’s offices in Sydney because a security vulnerability had not been patched. “What happens when we discover a similar vulnerability for a system installed 10 years ago and for which the manufacturer no longer exists? Some
sensors are built into the walls, and replacing them can come at great cost,” says Morisset. Another Newcastle University researcher, Dr John Mace, a lecturer in cybersecurity, notes that many existing buildings are being retrofitted with internet technology to form networks of disparate legacy systems to which, as he puts it, “security solutions cannot simply be bolted on”. “The designs for new buildings come purely from civil engineering fields without any security advisement, meaning that specifications rarely state that building networks have to be secure,” he says. This, along with the way in which there are little or no security mechanisms for the data communication protocols used with building automation and control networks (BACnet and KNX are commonly used) means that data traversing building networks can be exposed to cyber attacks. “Memory, power and processing constraints of distributed sensors also means that security mechanisms such as data encryption are often too costly to implement,” says Mace. “Where security is in place, systems do not inter-communicate and the cyber and physical security of those systems are treated as separate concerns. “This disparity makes it hard to understand centrally what is going on and identify whether an attack against the building network is happening.” When it comes to dealing with the many threats facing smart buildings, Fitzgerald, in line with his systems-based approach, suggests that solutions should involve more than just single interventions to save the security of the building. “Rather you have to look at the interaction between different elements – computational, physical and human – and look at the consequences for the building as a whole system,” he says.
OCTOBER 2019
33
INTERVIEW
KEEPING NETWORKS SAFE
PRINCIPAL SECURITY STRATEGIST RICHARD BEJTLICH DISCUSSES HOW ORGANISATIONS CAN LEVERAGE CORELIGHT TO BOLSTER BOTH THEIR PREVENTIVE AND PROACTIVE SECURITY STRATEGIES.
C
orelight is primarily leveraged for security use cases such as threat hunting with its network transaction logs. Can you explain what are the use cases for Corelight? First, Corelight, on its own, is a completely passive system. It is an observation platform, from which one can understand the network. No one is going to degrade, disrupt, or otherwise impair the network by properly deploying Corelight. The system simply listens for traffic provided by a network tap, traffic broker, switch span port, or virtual private cloud traffic mirroring source. Second, Corelight’s transaction logs are essentially compact, high-fidelity descriptions of how the network is being used. Its data is inherently “policy neutral,” meaning that the software observes, distills, and records what it sees, regardless of whether an outsider considers it good, bad, or indifferent. “Out-ofthe-box” Corelight is keeping track of
34
OCTOBER 2019
www.tahawultech.com
what it sees, working as a platform upon which many network-centric capabilities can be built. Third, Corelight retains data that its programmers have found to be most useful for those trying to understand their network. Corelight gives administrators, engineers, analysts, scientists, and others, the data they need in a format they can most efficiently use. For example, when working with Javascript Object Notation (JSON) formatted output, the logs are essentially self-documented text files, readable by humans and easy-to-share for collaborative analysis. Now that we know that Corelight is a passive system, describing network use, and offering the right data for analysis, what are the other applications for Corelight that goes beyond threat hunting? Let me give you an example that’s based on a real event and is applicable to many organisations. A component of a global company wanted to tighten up the security systems between itself and the firm’s other business units. This division wanted to restrict network access to those parties who required it for business purposes, while denying access to everyone else. However, the division did not know how its network was being used. It feared that if the
security team began implementing new access control list entries on in-line security devices, primarily routers and firewalls, that legitimate business traffic might be disrupted. The division worried that interruptions to business operations would undermine its security measures and result in no improvement whatsoever. The security team realised that it needed to understand how its network was being used before implementing a single new access control list. They began collecting network security monitoring data in Corelight format at the locations where they expected to begin limiting network access. After 30 days, they analysed the data and developed a profile for normal business-to-business activity, which in the future would be whitelisted and passed. They also discovered several instances of suspicious and malicious activity which prompted formal incident response processes. Once the analysis was complete, the security team implemented their new access control list, based on the 30 days of transaction logs. They did not hear a single complaint from any business representative. They had successfully improved the security of their businessto-business network connections while preserving legitimate operations. They decided to replicate the process in other parts of the company as well.
“IF AT SOME POINT THE ORGANISATION SUSPECTS IT HAS BEEN COMPROMISED, THAT DATA WILL BE INVALUABLE. USING CORELIGHT DATA, ORGANISATIONS CONDUCTING INCIDENT RESPONSE CAN BETTER DETERMINE THE SCOPE AND DURATION OF THE INCIDENT, STRETCHING BACK AS FAR AS THE STORED DATA ALLOWS.” www.tahawultech.com
The scenario you have described looks like an example of organisation implementing a preventive security measures, which means the business unit was trying to improve its posture. Can Corelight be instrumental for organisations that are on the other end of the spectrum and want to apply proactive security strategies? Absolutely, a previously stated, Corelight data is compact, yet high-fidelity. In one experiment that I conducted, I found that Corelight data was 1/1000th the size of full content data in libpcap format (“pcap”). In other words, I had collected roughly 300 GB of network data in pcap format over two weeks, but Corelight summarised that data into logs occupying 300 MB of space, in a compressed and archived format (“gzip”). Some believe that security teams should only collect the data that they could reasonably be expected to review on a regular basis. The special nature of Corelight data turns this advice on its head. Because raw storage is cheap, it makes sense to collect Corelight data whether or not it is immediately or routinely reviewed. Consider the benefit of having weeks, months, or potentially years of Corelight data saved to disk. If at some point the organisation suspects it has been compromised, that data will be invaluable. Using Corelight data, organisations conducting incident response can better determine the scope and duration of the incident, stretching back as far as the stored data allows. One caveat to this strategy is important: beware cost or storage limitations imposed by a Security and Information Event Management (SIEM) solution. It does not make sense to load unending data into a SIEM if the cost model is volume-based. The advice here relates to saving to a cheap storage solution, whether an on-premise option or cloud-based offering.
OCTOBER 2019
35
INTERVIEW
AIM FOR RESILIENCE AMIT ROY, EVP AND REGIONAL HEAD FOR EMEA, PALADION NETWORKS, DISCUSSES THE GROWING IMPORTANCE OF AI IN RESHAPING THE SECURITY LANDSCAPE.
H
ow can artificial intelligence (AI) optimise threat detection and response? AI is no longer just an optimising factor— it is now essential part of cybersecurity. Organisations are expanding their networks and endpoints across cloud, mobile and the Internet of Things. This makes it challenging for them to monitor their entire infrastructure via traditional manual methods, let alone rapidly detect and respond to any threats lurking in there. AI offers the only way to secure the modern digital organisation. An AI-driven cybersecurity system can monitor an endlessly scaling network in near real-time. It can find advanced unique threats by correlating seemingly unrelated threat data. And it can automate many response activities, allowing organisations to contain, analyse, and remediate threats before they cause harm.
36
OCTOBER 2019
As organisations grow larger, threats become more complex and cybersecurity talents become harder to find, AI will only become more and more essential. A testament to this growing need for AI-powered solutions is our AI-Driven Managed Detection and Response, which many of our customers consider as an essential aspect of their security strategies. When it comes to threat detection and response, understanding network behaviour is a huge factor. How can Paladion help organisations increase visibility within their networks? To start with, we can give businesses deeper visibility into their networks. Most organisations have no visibility into what’s going on in their networks. Many of them are not looking at all, generally for a few reasons, firstly, they think their perimeter defences are good enough (they are not). They also think their cloud vendors are covering security for them (they are not). Thirdly,
they do a basic malware scan and think that’s good enough (it’s not). Lastly, and most commonly, they monitor a small segment of their network during normal working hours when their security staff isn’t busy, however, cybercriminals simply don’t operate under the similar 9-5 working hours. At the least, we can give these organisations cost-effective 24x7x365 security monitoring on all of their assets— for both cloud and on-premise infrastructures. But we also offer advanced services for organisations who understand that visibility is just the first step in defending their networks. As cybersecurity increasingly becomes embedded into the latest technologies, how are you innovating to keep your offerings future-proof? The bad news is there really is no such thing as a “future-proof” cybersecurity. The field just changes too quickly. Organisations are rapidly evolving their infrastructure that they need us to
www.tahawultech.com
defend and cybercriminals are always evolving their attacks. We have already been in the field for nearly 19 years. We have been at the forefront of new technologies and offerings the whole time. Just last year we launched the industry’s first fully AI-driven Managed Detection and Response offering. Nonetheless, we are not complacent. We are always evolving our services, skills, and underlying technology. Our adoption of AI is just the most recent iteration of this evolution— and we are committed to continuing to develop, adopt, and innovate whatever is needed to deliver market-leading security tomorrow, a year from now and ten years from now. What are the most common challenges organisations face when developing their Security Operations Centres? How can Paladion help them address these issues? That depends on the size of
the organisation. Enterprises generally do a good job developing their own SOCs. They invest substantial resources building up core capabilities. But they always run into some sort of roadblock developing complete coverage. Some of the issues they face could be that they aren’t able to find enough people with the rare security skills they need. They may also not have the extra budget needed to develop some of the more powerful capabilities or they just can’t see the gaps in their own coverage because they’re too close to it. No matter what it is, we help enterprises fill the gaps in their security services through a modular deployment of our programmes. For example, our AI-Driven MDR Services can augment an enterprise’s existing SOC and provide deeper
detection, faster threat analysis, incident response, and more. By contrast, SMBs generally don’t have the resources required to build any sort of substantial internal security capabilities. Therefore, they rely on us to provide complete turn-key defences through our Managed Detection and Response Service. What can the market expect from you for the rest of the year and beyond? We have a proactive pipeline of services that we are continuously developing and expanding. We are offering increasingly tailored security services for the most commonly deployed cloud platforms. We are expanding the strength and scope of our security testing services. In addition, we are constantly improving our AI platform and how it powers our core MDR services.
WE ARE ALWAYS EVOLVING OUR SERVICES, SKILLS, AND UNDERLYING TECHNOLOGY. OUR ADOPTION OF AI IS JUST THE MOST RECENT ITERATION OF THIS EVOLUTION— AND WE ARE COMMITTED TO CONTINUING TO DEVELOP, ADOPT, AND INNOVATE WHATEVER IS NEEDED TO DELIVER MARKET-LEADING SECURITY TOMORROW, A YEAR FROM NOW AND TEN YEARS FROM NOW. We plan to expand our services in the Middle East and Africa, and to the industries that are experiencing the most vulnerabilities, such as government, finance and banking, while we continue to serve clients in healthcare, education retail and manufacturing. But ultimately, we are here to serve our clients in any way they need. As their needs evolve, we will evolve our services in tight alignment. 2020 will be no different.
www.tahawultech.com
OCTOBER 2019
37
INTERVIEW
SECURING THE DIGITAL ENTERPRISE ABHIJIT MAHADIK, DIRECTOR, INFRA & CYBERSECURITY, RAQMIYAT SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS AI AND MACHINE LEARNING’S ROLE IN ACCELERATING ENTERPRISE SECURITY AND WHY CONTINUOUS EDUCATION IS VITAL FOR STAYING AHEAD OF THE “BAD GUYS.”
A
s technologies advance, so do cybercriminals. So, why is it that people still overlook the importance of cybersecurity? A recent industry report highlighted that the Middle East region ranks ninth as the most targeted market for cyber-attacks globally. Subsequently, the UAE has been ranked as the third most attractive target for cyber threats in the region. Regional organisations neglecting the importance of cybersecurity as part of their IT strategies is a thing of the past. Today, Middle East companies have a comprehensive understanding of how vital security’s role is in their digital strategies. They are making significant investments in enhancing internal skillsets, employing external expertise and adopting new technologies to build robust security strategies.
38
OCTOBER 2019
www.tahawultech.com
Do you think anything is lacking in the industry that’s making organisations vulnerable to today’s cyber threats? As we develop new security and strategies and adopt trends such as artificial intelligence (AI) and machine learning, cyber-attackers are also evolving their own methods to leverage the same technologies. Cyber threats, whether it be malware, privileged access attacks or data theft are increasingly becoming more advanced and sophisticated. Cybercriminals are increasingly using advanced tools such as AI and machine learning to find new gaps and exploit more vulnerabilities in an organisation’s network. Continuous innovation is key to staying ahead of the bad guys. Organisations who are not already leveraging technologies around machine learning and AI in their cyber defence will lag behind. How can organisations foster a security-aware culture? Today, the role of the CISO is not just limited to preventing external threats but also in protecting the organisations against insider threats, which include employees who have left the company and third-party stakeholders. However, more often than not, insider threats are those unaware employees. There’s also the case of disappearing perimeters as today’s workforce increasingly utilise cloud and mobility
technologies to stay productive. However, many use corporate devices in unsafe environments, which opens a lot of vulnerabilities. For every organisation, having a security-aware culture can make all the difference between being secure and being vulnerable. That’s why security leaders need to ensure that every member of their workforce is aware of the security parameters that have been imposed by the company. Constant education is essential to make sure that all employees have a proper
“CONTINUOUS INNOVATION IS KEY TO STAYING AHEAD OF THE BAD GUYS. ORGANISATIONS WHO ARE NOT ALREADY LEVERAGING TECHNOLOGIES AROUND MACHINE LEARNING AND AI IN THEIR CYBER DEFENCE WILL LAG BEHIND.” www.tahawultech.com
understanding of the security risks and are equipped with the proper knowledge to mitigate them. Where do you see the regional security landscape heading and what role can Raqmiyat play in enabling organisations to deal with the changes? We can expect more digital disruptions in the region. Raqmiyat will continue to develop new initiatives and innovations to help originations cope with the digital revolution that will come to the regional business landscape. A good example of this is the different cloud players coming into the region such as Amazon Web Services and Microsoft. Many organisations want to optimise the opportunities that the cloud brings, however, concerns remain as to how they can stay secure in cloud environments. Raqmiyat is armed with the expertise and tools to help them address the security challenges and harness the opportunities.
OCTOBER 2019
39
INTERVIEW
ON THE WATCH CROWDSTRIKE SENIOR DIRECTOR RAWAD SARIEDDINE DELVES INTO HOW THE CUSTOMER DEMANDS AROUND ENDPOINT SECURITY ARE EVOLVING AND HOW THE FIRM’S CLOUD-NATIVE OFFERINGS CAN ENABLE THEM ACHIEVE BETTER VISIBILITY ON THEIR INFRASTRUCTURE.
W
ith the increasing number of endpoints and disappearing perimeters, how can organisations keep their environments cyber resilient? The traditional network perimeter is dissolving as organisations adopt cloud technologies and today’s workforce become increasingly mobile. This is why, it is more critical than ever for customers to reevaluate their endpoint protection strategies and deploy modern prevention and visibility tools across all their workloads, whether on-premise or in the cloud. Organisations today also need to infuse threat intelligence into their security tools to become more aware, resilient and proactive in their security strategies. What have been the most prevalent threats on endpoint devices over the past 12 months? And how does CrowdStrike help address these pain points? Over the recent past, the threat
40
OCTOBER 2019
www.tahawultech.com
surrounding endpoints have grown at an unprecedented pace as cyberattackers evolve their methods. Today, almost every cyber threat globally is targeting endpoints and attackers have been evasive enough to move away from classic malware based attacks, into much stealthier techniques such as file-less attacks, exploits, and spear-phishing. Our global expertise gives us a good understanding of today’s threat landscape and enables us to offer deep insights to our customers. Because of this, we have devised the concept of modern active endpoint detection and response (EDR), which leverages agent machine learning and cloud analytics to stop endpoint breaches. This method combines artificial intelligence (AI) with indicators of attack and threat hunting capabilities. Because of this, we are recognised today as a market leader in the endpoint protection space, by top analyst firms such as Gartner, Forrester and IDC. How have customer demands around endpoint protection solutions evolved over the years? Enterprises today have grown tired of bloated agents that hog machine resources and provide very little protection against modern threats. They have come to terms with the fact that they need to modernise their endpoint security strategies and replace legacy vendors. They look at CrowdStrike as a uniquely positioned ecosystem, which offers unmatched protection, detection and response capabilities, along with IT hygiene, vulnerability management, and world class threat intelligence. How will AI and automation technologies transform the security industry? Do you see these
www.tahawultech.com
“ENTERPRISES TODAY HAVE GROWN TIRED OF BLOATED AGENTS THAT HOG MACHINE RESOURCES AND PROVIDE VERY LITTLE PROTECTION AGAINST MODERN THREATS. THEY HAVE COME TO TERMS WITH THE FACT THAT THEY NEED TO MODERNISE THEIR ENDPOINT SECURITY STRATEGIES AND REPLACE LEGACY VENDORS.” technologies displacing traditional security roles in the next five years? The cybersecurity landscape is heading towards immense growth as cloudnative vendors continue to invest in technologies such as AI and machine learning. This growth calls for new skills from cyber talents, as requirement move away from traditional L1 analyst to expertise in malware analysis, cloud workloads, APIs and scripting, as well as threat hunting. Are traditional AV solutions becoming obsolete? What’s the main driver behind this? Traditional AV vendors have reached a position where they either continue their legacy approach and keep losing market share, or sell out their business to larger non-cybersecurity companies. This is because many traditional software firms face challenges in adopting cloud-native, AI-powered technologies. Customers are increasingly adopting modern technologies like CrowdStrike, to get rid of the agent bloat that consumes endpoint resources without offering real protection. The main driver for displacement is that the legacy vendors’ bolt-on approach, which entails integrating multiple features and agents into a 20-year-old code across various consoles. Enterprises today are looking for new methods that leverages a unified
lightweight agent that collects data once, utilises it for analytics, prevention and visibility. How does Falcon OverWatch enable organisations to proactively address cyber threats? Falcon Overwatch is a unique global service of a round-the-clock team of threat hunters. It constantly looks into millions of indicators with weak signals and silent detections, that are guaranteed to fly under the radar of endpoint protection and EDR solutions. Overwatch specialises in detecting advanced e-Crime and APT activity that leverages hands-on-keyboard and stolen credentials attacks that would otherwise be a nightmare to stop. What can regional firms expect from you in the next 12 months? We continue to outpace the endpoint security space in terms of innovation, and technology partnerships. Currently we are running 10 modules on our platform, including next gen AV, EDR, device control, IT hygiene, vulnerability management, threat intelligence and threat hunting. We continue to invest in the CrowdStrike Store, by announcing partnerships with vendors that offer email security, web security, OT security, NAC and UEBA among others. Over the course of this year you will be seeing multiple announcements in that space from CrowdStrike.
OCTOBER 2019
41
FEATURE
THE COST OF A DATA BREACH A RECENT STUDY BY IBM HAS PREDICTED THAT THE COST OF BREACHES WILL EXCEED AN ESTIMATED $5 TRILLION IN FIVE YEARS. THE GROWING VOLUME OF THREATS WILL PUSH MORE GOVERNMENTS TO IMPOSE HEAVIER PENALTIES PUTTING INCREASING PRESSURE ON COMPANIES TO GET THEIR DATA SECURITY RIGHT, DANIEL BARDSLEY REPORTS.
42
OCTOBER 2019
www.tahawultech.com
I
f a company is keen to lose money fast, one of the best ways of doing it in today’s world seems to be to breach the rules on how customer data is looked after. This is shown by the fines imposed recently on corporations that have suffered cyber breaches involving customer information or that have otherwise fallen foul of data regulators. For example, in July the Information Commissioner’s Office (ICO) in the United Kingdom fined British Airways (BA) £183.39 million (Dh839.55 million) after the data of about half a million of the airline’s customers was stolen. The violation began in June 2018 and involved traffic on BA’s website being channelled into a fraudulent site. On levying the fine for the breach of the EU’s General Data Protection Regulation (GDPR), the UK’s information commissioner, Elizabeth Denham, was uncompromising in her comments.
When an organisation fails to protect customer data, she said in a statement, the consequences are “more than an inconvenience”. “That’s why the law is clear – when you are entrusted with personal data, you must look after it,” Denham added. BA was not the only corporation that Denham slapped with a heavy fine in July. That month the ICO announced that the hotel group Marriott International would have to pay £99.2 million (Dh454.24 million) after losing control of 339 million guest records. Significant though these two fines from the ICO were, they were dwarfed by a pair of fines imposed in the United States in July, a month that demonstrated unequivocally the determination of authorities to get tough with data breaches. The Atlanta-headquartered credit reporting agency Equifax agreed to pay $700 million (Dh2.57 billion) in fines for a data breach in 2017 that saw the records of 145 million customers compromised.
Amanda Finch, Institute of Information Security Professionals
“THE IDEA WAS IF FINES OUTWEIGH THE COST OF IMPROVING SECURITY OR HAVING MORE PEOPLE TO IMPROVE AWARENESS, PROCESSES AND PROCEDURES, ORGANISATIONS ARE GOING TO REALISE IT’S MORE COST-EFFECTIVE TO PRIORITISE THEIR CYBERSECURITY RIGHT FROM THE BEGINNING.” www.tahawultech.com
Some of the fine was to be channelled to customers affected by the breach, while a portion was earmarked for the Consumer Financial Protection Bureau. As part of the settlement for the data loss, which saw information such as home addresses and social security numbers stolen, Equifax had to designate an employee with ultimate responsibility for cyber security. Near the end of the month came the biggest fine – by quite a margin – when it was announced that Facebook would pay $5 billion (Dh18.37 billion) because of how it had shared the data of users. Among Facebook’s wrongful activities had been targeting advertisements at telephone numbers that users had provided for account security. The fine was also linked to fact the political consulting firm Cambridge Analytica had gained access to the data of tens of millions of Facebook users. In a statement widely reported by media, Joseph Simons, the chairman of the United States’ Federal Trade Commission, which levied the fine, described the settlement as “unprecedented in the history of the FTC”. The measures the FTC imposed were designed to “change Facebook’s entire privacy culture” to prevent further violations. The scale of the recent fines raises questions over why regulators have apparently become so much tougher over customer data breaches. Amanda Finch, chief executive of the chartered Institute of Information Security Professionals (IISP), a UKbased organisation with an international membership, describes fines such as the
OCTOBER 2019
43
FEATURE
one imposed on BA as “quite significant”. “That makes boards sit up and take notice. I think having higher fines is going to make people more focused,” she says. “The idea was if fines outweigh the cost of improving security or having more people to improve awareness, processes and procedures, organisations are going to realise it’s more cost-effective to prioritise their cybersecurity right from the beginning.” While the recent fines have grabbed headlines, Julian Williams, a professor in accounting and finance at Durham University in the United Kingdom, says that in the United States “there’s been quite a long history of heavy fines for data breaches”. “In the US there’s a great deal of civil penalties attached to data security breaches,” he says, noting that the country has very specific regulatory cybersecurity oversight in sectors not necessarily linked to consumers, such as bulk electricity transmission. Although he notes that the US has been imposing significant fines even before the recent flurry of supersized penalties were levied, Williams indicates that, with respect to the large social media networks, there has been a ramping up of penalties and, in the past, some of the fines have been too small. “I don’t think even those companies would argue with that,” he says. “The way that you can impact the major social network providers is to regulate what they can do with their data in respect of their true customers – the advertisers, who pay for aggregated and repackaged data to improve targeting.” Although regulators are getting tougher when it comes to cyber breaches, Williams points out that fines for other types of regulatory breaches can be higher. Key areas where corporates might
44
OCTOBER 2019
Julian Williams, Durham University
“AT LEAST NOW THERE’S AN INCENTIVE FOR CEOS TO TAKE THAT AS BEING MORE OF A PRIORITY. IF THERE’S A REAL IMPACT ON THE BOTTOM LINE, CEOS WILL TAKE CYBERSECURITY SERIOUSLY.” fall foul of regulations, he notes, are breaches linked to anti-trust activities, the environment, employment protection and customer information. Anti-trust breaches, it seems, are sometimes taken more seriously than the loss of customer data. For example, in 2007 British Airways was hit with a £270 million (Dh1.23 billion) fine for fixing the price of fuel surcharges. In today’s money, that is more than £370 million (Dh1.69 billion), which is around double the size of BA’s recent data breach fine. In this climate, it is perhaps not surprising that cybersecurity has sometimes not been given the priority in corporate budgets that perhaps it should have been. “I’ve seen companies we’ve talked to in the past who are turning over several billion pounds and spent over five years less than £50 million (Dh227.92 million) on cybersecurity. As a fraction of total turnover it’s very small,” says Williams. Often for legacy systems, investments in cybersecurity are “too expensive”, which may have caused companies to focus on other things. Notwithstanding the possibility that other types of wrongdoing, such as price fixing, are perhaps still treated more seriously than cyber breaches, Williams says that the tough recent stance of regulators is likely to influence the behaviour of companies. “At least now there’s an incentive
for CEOs to take that as being more of a priority. If there’s a real impact on the bottom line, CEOs will take cybersecurity seriously,” he says. Even the $5 billion fine imposed by Facebook by the Federal Trade Commission was not, however, enough for some commentators. Writing in the Los Angeles Times, the Pulitzer Prize-winning journalist and author Michael Hiltzik complained of the “essential toothlessness of the FTC’s approach to manifest legal wrongdoing and its unwillingness to bring individual wrongdoers to account”. Hiltzik noted that Facebook’s founder and CEO, Mark Zuckerberg, the chief operating officer, Cheryl Sandberg, and the board of directors would be released of liability for previous violations. “The settlement underscores the folly of government enforcement deals that levy fines or penalties against corporations but leave their executives and directors – the true wrongdoers – with their pockets full,” wrote Hiltzik. Finch at the IISP thinks regulators should consider action against individuals, such as bans from practising, mirroring the way in which other professionals such as accountants may have their registration removed. “If somebody had responsibility on the board, if they cannot continue their role, and it was seen as criminal activity and professional negligence, that would also focus the mind,” she says.
www.tahawultech.com
INTERVIEW
A UNIFIED APPROACH IN A DETAILED CONVERSATION, HUSNI HAMMOUD, GENERAL MANAGER, IVANTI MIDDLE EAST, DISCUSSES HOW THE IT SOFTWARE FIRM’S HOLISTIC OFFERINGS ON DATA MANAGEMENT AND SECURITY WILL ENABLE REGIONAL CUSTOMERS’ DIGITAL TRANSFORMATION.
C
an you please share some of the recent highlights at Ivanti? Over the last few months, we have deployed significant updates into our portfolio of cloud solutions and have introduced improvements to our automation and security features. We have also successfully consolidated a number of our solutions to ensure that we deliver comprehensive solutions that are tailored to the needs of both our enterprise and SMB customers. We have also strengthened both our global and local teams and onboarded new members across our operations in the US and the Middle East. As for our channel ecosystem, we have onboarded major partners and systems integrators to help us achieve our growth objectives in the region. In addition, before the year ends, we aim to announce new IT packages and platforms for our customers in the SMB space to make sure that they remain competitive in their digital transformation agendas. As the digital economy grows, organisations are generating data faster than ever before. How has this impacted your organisation? Data is the new oil of the digital economy. Last year, we saw public and private sector organisations increase
46
OCTOBER 2019
www.tahawultech.com
their focus on regulating the way data is being used, stored and accessed. We have seen the enactment of stricter privacy laws including the EU General Data Protection Regulation (GDPR). These developments have driven organisations to look more closely into how they manage and protect their data. Subsequently, it also pushed security vendors to develop more innovative tools and solutions that will enable enterprises to be compliant. Ivanti is a major player in this space. With offerings ranging from identity and access management, endpoint security and patch management among others, we provide organisations with a holistic platform to protect and monitor their data. We also offer workspace management solutions to enable enterprises to effectively and efficiently manage within their IT infrastructure. We have integrated security across all our management solutions and to help end-users prevent any hacking and ransomware or mitigate any risks of data loss. At Ivanti, we always find the right balance between delivering our customers’ IT needs and optimising user experiences. We aim to deliver a unified IT infrastructure while boosting productivity and increasing security. Today, data security is one of the major concerns for any organisations. How can Ivanti help companies develop a strong security strategy? We believe that an effective security strategy is something you can’t build with one stone, instead, it’s a wall that’s made up of multiple technologies. This is why, over the recent past, we have done a lot of consolidations to make sure that we provide our customers with a full-fledged security infrastructure that will help them minimise the risks.
www.tahawultech.com
“AT IVANTI, WE ALWAYS FIND THE RIGHT BALANCE BETWEEN DELIVERING OUR CUSTOMERS’ IT NEEDS AND OPTIMISING USER EXPERIENCES. WE AIM TO DELIVER A UNIFIED IT INFRASTRUCTURE WHILE BOOSTING PRODUCTIVITY AND INCREASING SECURITY.” Artificial intelligence (AI) and machine learning are among the biggest buzzwords in the industry today. What innovations are you doing in this area? From day one, we have integrated AI and machine learning into the solutions that we have developed and will continue to do so as we develop new tools. We believe AI will provide IT security solutions with the ability to quickly identify risks and mitigate those risks. When a breach occurs, AI-powered tools will enable organisations to quarantine infected devices without causing any downtime. By eradicating menial tasks, it will also enable enterprises to make solid and sound decisions regarding their security strategies. AI issues around cybersecurity will be dealt with in real-time and very quickly with minimal or no need for human intervention. We have been developing solutions in this area for a long time and have reached a certain level of maturity in this space. We aim to continue developing innovations with the help, of course, of our dedicated team to ensure that we leverage these technological trends across all our future solutions. A recent study by IDC shows that between 2018 and 2022, IT-related spending on digital transformation will touch $7.5 trillion. How can organisations adapt to these changes? As I have mentioned previously, data will play a major role in the evolution
of multiple technologies in the market. That’s why we will see organisations adopting tools and solutions from data analysis, to machine learning, AI and blockchain, which are all focused on minimising the use of legacy systems and augmenting data transactions. At the core of it all is security, so we can expect organisations strengthening their investments in cybersecurity to adapt and stay resilient in the digital economy. Last but not least, organisations will also need to look closely into the human factor of digital transformation. They should focus their investments into developing talents and equipping them the new technical skillsets that will help them leverage advanced technologies. What do you hope to achieve at GITEX Technology Week 2019? Over the past couple of years, we have done a lot of acquisitions as well as integration within our offerings. We can now say that we have a fully mature platform that our partners and endusers can leverage to transform their business more effectively and efficiently. At GITEX, we will showcase how our solutions around security, end-user management, IT management, and process and workflow management among others can help them eliminate any complexities within their IT infrastructure. We will highlight how we can provide them with a holistic solution that’s cost-effective and easy to deploy.
OCTOBER 2019
47
INSIGHT
WHY ENTERPRISES NEED GENDER DIVERSITY IN SECURITY ROLES BY ROBERTA WITTY, VP ANALYST, GARTNER
D
iverse teams provide an immediate and longlasting solution to the global shortage of security talent. For every 100 security and risk management (SRM) executives, only about a quarter of them are women. The good news is that as the benefits of diversity are more widely realised, that number will increase by nearly 15 percent by 2020. “While this makes for pretty sober reading, the good news is that the general workforce pipeline has a more balanced male-to-female ratio, meaning that over time, it’s likely that there will be more female leaders in the discipline,” says Roberta Witty, VP Analyst, Gartner. The Gartner Gender Diversity in Security and Risk Management Survey explored how gender diversity impacts the ability of an organisation to manage its security and risk management objectives.
GARTNER SECURITY & RISK MANAGEMENT SUMMIT Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summit 2019 taking place on 28th to 29th October in Dubai, United Arab Emirates. Follow news and updates from the events on Twitter at #GartnerSEC.
48
OCTOBER 2019
Recruit diverse teams and outperform others Gender-diverse and inclusive teams outperform gender-homogeneous, less-inclusive teams by an average of 50 percent. A recent Gartner research found that managers of inclusive technology teams were more likely to say their teams outperformed noninclusive teams in all seven measures studied, including implementing new ideas and making timely decisions. Early exposure to security and risk management disciplines develops more qualified candidates and provides professional support for gender parity. Gartner recommends that companies target women while they’re still in school to sell them on a career in security and risk management. “Grow the general workforce pipeline for security and risk management by partnering with primary, secondary and higher educational institutions to introduce young women to the security and risk management professions,” says Witty. “Do not focus only on technical educational programs; approach liberal arts and communications academic programs to ensure that females understand the value of a security and risk management career choice.” Retain diverse talents Women find security and risk management professions to be
excellent career paths, according to the survey. However, concerted efforts must be taken to retain them; otherwise, women may leave their positions to find a transparent and supportive work environment elsewhere. Respondents believe sponsoring and mentoring high-potential women will improve the recruitment and retention of women in security and risk management. Diversity task forces are extremely important, but mandatory diversity training, job tests and grievance systems are not perceived as beneficial for organisational diversity. Implement gender-blind recruiting practices and training to mitigate gender discrimination, and use retention practices that promote women to top leadership and executive positions. Providing work-life balance practices such as flexible work hours is a competitive differentiator in the labor market that can improve the retention and recruitment of women. People want to work where they know they will be accepted and respected for their unique background, skills and knowledge. It is a win-win situation for all parties. These efforts will contribute to the vast majority of organisations that will exceed their financial targets through 2022 by equipping frontline decisionmaking teams with a diverse and inclusive culture.
www.tahawultech.com
Synergising the Mind & Technology Economy The biggest tech show in the Middle East, North Africa & South Asia
#GITEX2019
gitex.com
#gitexfuturestars
futurestarsSales@dwtc.com
INSIGHT
HOW TO TACKLE TOMORROW’S DIGITAL BUSINESS SECURITY RISKS
A
s cybersecurity risks increase in digital business, organisations continue to struggle in attracting, retaining and, most critically, developing security talent. Security and risk management leaders responsible for information security must evolve their practices and organisational cultures to keep pace with the digital business era. “Risk management, governance, business continuity and people — the most important asset — are critical elements of a successful risk and security program,” says Earl Perkins, Vice President, Analyst at Gartner. “When allocating resources and selecting products and services this year, security and risk management leaders should consider three important strategic planning assumptions.” By 2022, 40 percent of business continuity management (BCM) programs
GARTNER SECURITY & RISK MANAGEMENT SUMMIT Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summit 2019 taking place on 28th to 29th October in Dubai, United Arab Emirates. Follow news and updates from the events on Twitter at #GartnerSEC.
50
OCTOBER 2019
BY EARL PERKINS, VICE PRESIDENT, ANALYST, GARTNER will be integrated into the digital business risk management structure rather than exist as separate practices. The momentum of digital transformation projects within digital business will outpace the ability of organisations to accommodate changes related to security. Concurrently, the growing need to provide 24/7 technology services to support digital business and customer-facing services is changing the way that organisations interact internally and externally. These changes, as well as the constant threat of cyberattacks, will lead organisations to formalise the relationship between BCM and digital information security functions. “Stakeholders should be urged to accept BCM as part of the organisational structure,” says Perkins. “Managers within the digital business who oversee the delivery of critical activities will need to gain the necessary skills to engage with resilience planning as a businessas-usual function.” Through 2022, 30 percent of large enterprises will build a security skills management program including experimental recruiting and talent development practices. Cybersecurity risks are increasing despite the efforts of trained security professionals. Organisations continue to struggle with attracting, retaining and developing security talent.
Organisations must change their talent development and recruiting practices to be able to address missing skills. Start by building and developing a list of new competencies and skills required to support digital business initiatives. Then adapt short-term skills management practices by outsourcing security functions to managed security service providers (MSSPs) and/or delegating responsibilities to other internal staff. By 2022, 75 percent of organisations that outsource email and collaboration tools won’t meet their critical recovery objectives during a supplier outage. Email and collaboration applications are considered mission-critical resources for most organisations. Conducting business without them can impede production, result in lost transactions and hamper crisis management activities. When an organisation outsources these applications, many suppliers do not provide recovery with short timeframes. “It’s imperative for the organisation to maintain internal control and governance over all applications used in the delivery of products and services,” says Perkins. “It is also crucial to understand your vendor’s recovery commitments and communication protocols for outages to ensure they meet recovery requirements.”
www.tahawultech.com
By 2021, 50% of large enterprises will use an integrated risk management (IRM) solution set to provide better decision making capabilities.
Gartner Security & Risk Management Summit 28 – 29 October 2019 | Dubai, UAE gartner.com/me/security
Discover the latest research and recommendations to transform your security strategy and build resilience across the enterprise.
Source: Gartner Š 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademarks of Gartner, Inc. or its affiliates in the U.S. For more information, email info@gartner.com or visit gartner.com.