Security Advisor Middle East | Issue 41

ISSUE 41 | SEPTEMBER 2019

WWW.TAHAWULTECH.COM

INTERVIEW: CORELIGHT’S ALAN SALDICH

PREVIEW:

GITEX 2019

CLEAR SKIES AHEAD AMER CHEBARO ON HOW QUEST ENABLES SAFE AND SEAMLESS CLOUD JOURNEYS

HOW TO BUILD AN EFFECTIVE SOC

CRYPTOCURRENCY FRAUD:

The other side of the coin

DEEPFAKE:

Looks can be deceiving

CONTENTS FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015) Publishing Director Natasha Pendleton natasha.pendleton@cpimediagroup.com +971 4 440 9139 EDITORIAL Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135

16

Contributing Editors Daniel Bardsley Janees Reghelini Mark Forker Giorgia Guantario DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 440 9140 Designer Mhar Delaben marlou.delaben@cpimediagroup.com +971 4 440 9156 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9130

12

Senior Sales Manager Sabita Miranda sabita.miranda@cpimediagroup.com +971 4 440 9128 Business Development Manager Youssef Hariz youssef.hariz@cpimediagroup.com +971 4 440 9111

18

CLEAR SKIES AHEAD

PRODUCTION Operations Manager Cherylann D’Abreo cherylann.dabreo@cpimediagroup.com +971 4 440 9107 DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh

22

Quest’s Amer Chebaro on securing cloud transformations

Photographer Charls Thomas Maksym Poriechkin webmaster@cpimediagroup.com +971 4 440 9100 Published by

Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by Al Ghurair Printing and Publishing © Copyright 2019 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

6

GITEX PREVIEW

24

5G: A SECURITY BANE OR BOON?

A sneak preview of some of the technology players taking part at GITEX Technology Week.

Aruba’s Gamal Emara on 5G’s impact on data ownership

26 THE OTHER SIDE OF THE COIN

How cryptocurrencies can be regulated to fend off fraudsters

30 LOOKS CAN BE DECEIVING

Experts discuss the implications of deepfake technology

33 FACING FACTS

Pros and cons of automated facial recognition technology

36 BACK TO BASICS

Five recommendations for boosting your security posture

NEWS

SYMANTEC SELLS OFF ENTERPRISE SECURITY UNIT FOR $10.7 BILLION Symantec has sold off its enterprise security business to chipmaker Broadcom in a deal worth $10.7 billion. According to Broadcom, the addition of Symantec’s enterprise security portfolio will significantly expand its infrastructure software footprint. Hock Tan, president and CEO, Broadcom, said, “Symantec is recognised as an established leader in the growing enterprise security space and has developed some of the world’s most powerful defense solutions that protect against today’s evolving threat landscape and secure data from endpoint to cloud. “We look forward to expanding our footprint of mission critical infrastructure software within our core Global 2000 customer base,” Tan added. With product lines across endpoint security, web security services, cloud security and data loss prevention, Symantec’s enterprise security business offers a comprehensive suite of integrated solutions. The transaction, which is expected to close in the first quarter of Broadcom’s fiscal year 2020, is subject to regulatory approvals in the US, EU and Japan and other customary closing conditions. Following the closing of the transaction, Broadcom will own and incorporate the Symantec brand name into the Broadcom portfolio.

52%

OF CYBER INCIDENTS AFFECTING OPERATIONAL TECHNOLOGY AND ICS NETWORKS ARE CAUSED BY HUMAN ERROR SOURCE: KASPERSKY

4

SEPTEMBER 2019

CROWDSTRIKE NAMED AMONG LEADERS IN GARTNER MAGIC QUADRANT FOR EPP CrowdStrike has announced that it has been positioned by Gartner in the Leaders quadrant of the “Magic Quadrant for Endpoint Protection Platforms.” The report, which evaluates vendors based on completeness of vision and their ability to execute, positioned CrowdStrike furthest for completeness of vision in the entire Magic Quadrant. “We believe CrowdStrike’s position in the Leaders quadrant validates that our cloud-native model empowers the delivery of endpoint security services at a pace and scale that meets the needs of modern, distributed businesses,” said George Kurtz, chief executive officer and co-founder of CrowdStrike. The CrowdStrike Falcon Platform is a scalable single-agent EPP platform that provides a sophisticated, yet easy user experience for the enterprise and stops cyber breaches. It offers next-generation AV, endpoint detection and response (EDR), managed threat hunting, IT hygiene,

DAN SCHIAPPA, SOPHOS

Global network and endpoint security firm Sophos has announced that Gartner, has once again positioned it as a Leader in the Magic Quadrant for Endpoint Protection Platforms. This is the 11th time in a row Sophos has been positioned as Leader. According to Sophos, its placement is driven by its strong endpoint protection, real-world endpoint detection and response (EDR) usability, as well as its unifying platform, Sophos Central. “We believe Gartner recognised Sophos for our proven record at stopping ransomware, the deep learning technology that blocks never-seen-before

GEORGE KURTZ, CROWDSTRIKE

threat intelligence and vulnerability management, all via a single lightweight agent that is rapidly deployable and delivers a seamless experience for security teams and end-users. CrowdStrike Falcon customers can prevent attacks on endpoints on or off the network with the power of crowdsourced data that delivers cloud-scale artificial intelligence (AI) with real-time protection and visibility across the enterprise, including at the firmware level.

GARTNER NAMES SOPHOS A LEADER IN EPP MAGIC QUADRANT malware, and our anti-exploit technology. These are some of the ensemble of technologies available in Intercept X,” the company said in a statement. Dan Schiappa, chief product officer, Sophos, said, “Recent awareness of million dollar ransomware payments and GDPR fines indicates that IT managers are still not putting in place the protection they need to prevent cyber-attacks. This is in part because they are inundated with threats coming from all directions and, in some cases, cybercriminals are using multiple methods and payloads along a single attack chain.”

www.tahawultech.com

APPOINTMENTS

HELP AG ACCELERATES AI-POWERED CYBERSECURITY WITH NEW PARTNERSHIP Help AG has announced a new partnership with Exabeam, the Smarter SIEM company. As the Middle East focus partner for Exabeam, Help AG will bring to market Exabeam’s security information and event management (SIEM) and user and entity behaviour analytics (UEBA) solutions. According to both firms, the partnership seeks empower regional enterprises to detect, investigate and respond to cyber-attacks more efficiently and effectively. Stephan Berner, CEO, Help AG, said, “Through the application of AI to critical labour-intensive tasks, Exabeam expertly enables cybersecurity teams to refocus their efforts on risk rather than events. This is especially beneficial in the region, as these solutions can

alleviate the workload on understaffed IT teams, while delivering an elevated ability to detect and mitigate the impact of complex cyber-attacks.” Exabeam offers a comprehensive Security Management Platform (SMP) that enables organisations to take advantage of Big Data, advanced analytics, and automation capabilities to reduce time to investigate and contain threats by 51 percent. Exabeam’s solutions integrate seamlessly with key technologies in Help AG’s portfolio – such as security solutions from Splunk and Vectra – as well as with cloud environments such as Microsoft Office 365, AWS, Google, and Salesforce. “Exabeam’s solutions perfectly complement the security technologies that form the core of Help AG’s product

STEPHAN BERNER, HELP AG

portfolio, thereby enabling us to create highly effective turn-key solutions for our customers. Furthermore, we have deployed these solutions within our own Cybersecurity Operations Centre (CSOC), thereby enhancing our 24×7 Managed Security Services (MSS) offering,” Berner said.

NEW RANSOMWARE GROWS 118% AS CYBERCRIMINALS ADOPT FRESH TACTICS: REPORT Global cybersecurity firm McAfee has recently released a new industry report examining cybercriminal activity and the evolution of cyber threats in Q1 2019. The McAfee Labs Threats Report: August 2019 saw an average of 504 new threats per minute in Q1 and a resurgence of ransomware along with changes in campaign execution and code. More than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter. Sixty-eight percent of targeted attacks utilised spearphishing for initial access, 77 percent relied upon user actions for campaign execution. McAfee Advanced Threat Research (ATR) observed innovations in ransomware campaigns, with shifts in

www.tahawultech.com

initial access vectors, campaign management and technical innovations in the code. According to the report, while spearphishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP); these credentials can be cracked through a brute-force attack or bought on the cybercriminal underground. RDP credentials can be used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.

McAfee researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns versus the traditional approach of setting up command-andcontrol (C2) servers. The most active ransomware families of the quarter appeared to be Dharma (also known as Crysis), GandCrab and Ryuk. Overall, new ransomware samples increased 118%.

SEPTEMBER 2019

5

GITEX PREVIEW

A SNEAK PREVIEW OF SOME OF THE TECHNOLOGY PLAYERS TAKING PART AT GITEX TECHNOLOGY WEEK.

BULWARK TECHNOLOGIES TO SHOWCASE IT SECURITY OFFERINGS UAE-based Bulwark Technologies has announced that it will be showcasing an array of internationally acclaimed products at GITEX Technology Week 2019. Gearing up for the event, the company has reiterated the importance of building a strong, integrated security infrastructure in the region. Located in Sheikh Rashid Hall, stand SR-D20, Bulwark will highlight its endto-end security solutions and customercentric distribution strategies during the show. The leading Value-Added Distributor will announce some major partnerships and demonstrate their ‘Best in Class’ products and solutions like Enterprise DLP,Web Application Vulnerability Scanner, Secure Encrypted Flash Drives/ Hard Discs, Hardware Security Module

6

SEPTEMBER 2019

(HSM) amongst others and elaborate on their collaboration with key vendors to act as their extended arms in the Middle East Region. “For GITEX, where we have been showcasing for over a decade now, we employ a two-pronged approach. We not only showcase optimum technologies

catching pace in this region, but also introduce newer technologies that are gaining acceleration for their ease of use across the globe. Our approach this year has been driven based on a strong demand in the security distribution market,” said Jose Thomas Menacherry, managing director, Bulwark.

www.tahawultech.com

FORTINET TO PROTECT BUSINESSES’ DIGITAL ATTACK SURFACE Cybersecurity firm Fortinet will highlight the importance of securing edge networks and showcase its Secure SD-WAN, SD-Branch, OT and Cloud Security solutions at GITEX 2019. “The network perimeter is being replaced with new edge networks. As data moves between multi-cloud, IoT, SD-WAN and next-gen branch offices, and mobile devices, the challenge is ensuring security and consistency between these environments,” said Alain Penel, regional vice president, Middle East, Fortinet. “At GITEX, we will further emphasise how the Fortinet Security Fabric delivers broad, integrated, and automated protection across an

Alain Penel, Fortinet

organisation’s entire digital attack surface from IoT to the edge, network core and multi-clouds.” Fortinet’s key solutions at the show include: secure SD-WAN, security solutions for ICS and SCADA and multicloud security. Fortinet will be present in the Enterprise Networking and Security section in the Sheikh Rashid Hall Stand SR- C4, where it will hold live demo sessions, where visitors can also hear from its product experts about how Fortinet solutions protect the entire end-to-end infrastructure without compromising network performance.

PROOFPOINT TO SPOTLIGHT ITS PEOPLE-CENTRIC CYBERSECURITY SOLUTIONS Proofpoint will showcase its portfolio of people-centric cybersecurity solutions, that protect organisations’ greatest assets and biggest risks: their people. “Cybercriminals relentlessly target the people who will provide the most lucrative pay-out and that’s why we are committed to delivering innovative people-centric security and training solutions that ensure an organisation’s most attacked people are protected,” Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint. “We continue to invest in the Middle East and are excited for our participation at GITEX. The week represents a cornerstone in the Middle East cybersecurity events calendar, and a fantastic opportunity to educate partners, customers and prospects on the cyber

www.tahawultech.com

risks facing employees today.” With an integrated suite of cloudbased solutions, Proofpoint provides visibility into organisation’s most targeted employees—and they often aren’t the traditional VIPs, but rather their very attacked people (VAPs). The company will showcase the following solutions during GITEX: Proofpoint Security Awareness Training; Proofpoint Email Protection; Proofpoint Advanced Threat Protection; and Proofpoint Cloud App Security. Proofpoint also recently announced two industry-first innovations - enhanced URL isolation based on user risk profiles and new training customization, both of which will be showcased at the conference. Proofpoint will be exhibiting in the Sheikh Rashid Hall at Stand SR-F2.

Emile Abou Saleh, Proofpoint

SEPTEMBER 2019

7

GITEX PREVIEW

RING TO PROMOTE INNOVATIONS FOR MAKING NEIGHBOURHOODS SAFER Ring will promote its innovative home security products and services at GITEX, giving customers the opportunity to experience Ring products firsthand and to learn about the devices’ features and benefits. “Ring’s mission to make neighbourhoods safer drives every decision we make. Your house is more than just four walls, it’s your home. It’s where we lay our heads down at night, where our children feel safe and where we keep our valuables. Whatever makes your house a home, we want to do everything we can to protect it and help provide convenience and peace of mind to homeowners by keeping an eye on their most important possession, their home, even when they can’t physically

be there. The goal is to bring the same convenience and security to Middle Eastern neighborhoods,” said Mohammad Meraj Hoda, vice president of Business Development, Middle East and Africa, Ring. Ring will showcase its latest suite of smart home security products, including the Ring Stick Up Cams, Ring’s first cameras meant for both indoor and outdoor use. With multiple power options, Stick Up Cams give customers maximum flexibility to position the cameras anywhere to secure virtually every corner of their property. In addition, Ring will also showcase all available Ring Doorbells and Cams, which are all Wi-Fi enabled and equipped with HD video, motion-

Mohammad Meraj Hoda, Ring activated alerts, two-way talk, and night vision. Ring will be at GITEX at Zabeel Hall Z3-C12.

THREATQUOTIENT SET TO MAKE DEBUT AT GITEX ThreatQuotient will be making its first appearance at GITEX Technology Week this year. ThreatQuotient believes that threat intelligence is the glue that binds together disparate systems and teams, and that a threat-centric security operations platform is foundational to overall security posture. In line with this, ThreatQuotient will use the GITEX platform to promote the ThreatQ platform, to customers and partners. “With threat intelligence as an organisation’s foundational element, ThreatQ makes security operations more efficient and effective. Every company has its own unique environments and faces different threats, which is why ThreatQ empowers organisations to set their own specific controls for prioritising the threat intelligence that is most relevant

8

SEPTEMBER 2019

Anthony Perridge, ThreatQuotient to them,” said Anthony Perridge, VP of International at ThreatQuotient. “ThreatQ acts as the heart of an organisation’s defense system, able to integrate with all security tools that need to work in unison - such as orchestration

tools, SIEMs, network security, endpoint software, multiple intel feeds and other processes and we are excited to have a platform like GITEX to showcase our product and solutions to our regional customers and partners,” he added. At GITEX, ThreatQuotient will educate customers and partners on why large and small threat intelligence teams would benefit by using ThreatQ. The company also aims to showcase how by leveraging an integrated self-tuning Threat Library, Adaptive Workbench and Open Exchange, ThreatQ has become the foundation of security operations and threat management systems for organisations across the globe. ThreatQuotient will be exhibiting alongside StarLink on Stand SR-J1 in Sheikh Rashid Hall.

www.tahawultech.com

GITEX PREVIEW

TREND MICRO TO DEMO THE ‘ART OF CYBERSECURITY’ Trend Micro has announced that it will showcase “The Art of Cybersecurity” during its participation at GITEX Technology Week 2019. The company will also highlight how 400 million pieces of global security data can enable enterprise protection on the cloud. Trend Micro has commissioned six artists to process and interpret cybersecurity data. Rather than at a standalone stand, Trend Micro will showcase these artistic interpretations specialized pods at six different partners’ stands, as well as on screens between demos. “As the cybersecurity landscape becomes more complex, cyber threats can be abstract to understand and ugly to confront when they strike,” said Dr.

Moataz Bin Ali, vice president, Trend Micro, Middle East and North Africa. “However, with our GITEX theme of ‘The Art of Cybersecurity,’ we aim to show how cybersecurity can be beautiful when organizations literally see how siloed threats can be put together to show a big picture, helping organizations stay one step ahead of cyber-threats.” At the show, Trend Micro will also will highlight its Deep Security solution for cloud and data security with AWS, Microsoft, and VMware, along with its new XDR detection and response solution for email, endpoint, server, and network with its channel partners Redington and StarLink. Trend Micro will also highlight security innovations across DevOps, collaboration, and cloud apps.

Dr. Moataz Bin Ali, Trend Micro

VEEAM TO HIGHLIGHT IMPORTANCE OF DATA MANAGEMENT AND SECURITY Veeam Software will showcase how it aims to help regional organisations transition to the cloud and embrace digital transformation during its participation at GITEX Technology Week. At the event, executives from Veeam will also share the firm’s vision for Cloud Data Management, delivering live demonstrations of Veeam Availability Platform. Claude Schuck, regional manager, Middle East, Veeam, said, “As the importance of data has grown to drive every aspect of the digital business, so has the need for solutions that ensure information is available at any time, no matter where it resides. There is a new expectation for data in today’s enterprise: Data must move to a higher

10

SEPTEMBER 2019

state of intelligence and be able to anticipate need and meet demand. Data must also move securely across multi-cloud infrastructures and meet the expectations of the mobile, alwayson world. Schuck highlighted that GITEX is an opportunity to turn the spotlight on the criticality of Cloud Data Management. “CIOs and IT managers need to understand that ensuring instant and reliable data availability requires an evolution in how it is managed from policy-driven to behavior-driven, leveraging Artificial Intelligence and Machine Learning to enable data to back up autonomously, migrate to the right location based on the business need and to secure itself during anomalous activity,” he said.

Claude Schuck, Veeam

www.tahawultech.com

CABLE SOLUTIONS FOR BUILDINGS AND INDUSTRIAL

COPPER SOLUTIONS | FIBER SOLUTIONS | DATACENTER SOLUTIONS | TELECOMMUNICATION SOLUTIONS | FIREPROOF CABLES | COAXIAL CABLES INSTRUMENTATION & AUDIO CABLES | CABINET & ACCESSORIES

SURVEILLANCE SYSTEM

AUDIO MATRIX SYSTEM | FIREPROOF CEILING LOUDSPEAKERS | CEILING, HORN, PROJECTION, COLUMN & WALL MOUNTED LOUDSPEAKERS MIXER & POWER AMPLIFIER | HANDHELD & PAGING MICROPHONE

PUBLIC ADDRESS SYSTEM

ANALOG BULLET CAMERA | DOME CAMERA | PTZ CAMERA | DVR | IP BULLET CAMERA | DOME CAMERA | PTZ CAMERA BOX CAMERA | NVR | EXPLOSION PROOF CAMERA

Norden Brands

Norden Communication UK Ltd

Unit 13, Baker Close, Oakwood Business Park Clacton-on-Sea,CO15 4BD, Essex, United Kingdom Tel: +44 [0] 1255 474063. E-mail: support@norden.co.uk

www.nordencommunication.com

COVER FEATURE

CLEAR SKIES AHEAD CLOUD COMPUTING IS A POWERFUL TOOL DRIVING INNOVATION AND GROWTH FOR MANY ORGANISATIONS. AS MORE AND MORE MODERN ENTERPRISES REALISE ITS PROFOUND BENEFITS, QUEST GENERAL MANAGER AND SALES DIRECTOR FOR EMEA EMERGING MARKETS AMER CHEBARO DISCUSSES HOW THE FIRM IS WELL-POSITIONED TO HELP ENTERPRISES SEAMLESSLY AND SAFELY TRANSITION TO THE CLOUD.

C

an you please give an overview of Quest’s operations here in the region? Established in 1987, Quest is a global software solutions firm headquartered in Aliso Viejo, California. Our regional operation is based in Dubai where we cater to multiple markets

“ORGANISATIONS ARE INCREASINGLY SEEING THE TRUE VALUE OF THE CLOUD FROM COST-SAVINGS, TO INCREASED UPTIME, STRONGER SECURITY, AND BETTER AGILITY.” 12

SEPTEMBER 2019

in the Middle East, Turkey, Central and Eastern Europe and Africa. A key focus for us is helping organisations accelerate their digital transformation journey and enable them to seamlessly move to the cloud as well as help them mitigate various security threats. With the goal help to enterprises solve complex IT problems with simple solutions, Quest has multiple product sets that enable end-users to efficiently manage their infrastructures be it on-premise or in the cloud across multiple industries. Over the past few years, we have seen a couple of big trends in the market where we believe Quest has played a key role. The first one is the consolidation of various large enterprises. For example, in the banking industry, we have seen mergers between some of the leading banks here in the region. We have been instrumental in enabling these organisations successfully merge their IT infrastructures without disrupting their business operations. The second trend we have observed is the increase in cloud adoption here

in the region. Quest is equipped with the right tools and skills to enable organisations to seamlessly move customers’ workloads from their data centres to the cloud while ensuring that the right safeguards are applied. What has been the biggest challenge that organisations face when it comes to moving to the cloud? How can Quest help organisations tackle those challenges? Initially, the biggest challenge here in the region is the lack of local data centres of some of the top multinational cloud providers. This has caused cloud adoption among Middle East organisations to lag behind. However, as we have seen recently, that has changed, especially with the Amazon Web Services opening its data centre operations in Bahrain and Microsoft unveiling two new data centres in the UAE. In Saudi Arabia, several telcos have established world-class local data centres. As a result, we have seen regional businesses become more open to transition to the cloud.

www.tahawultech.com

www.tahawultech.com

SEPTEMBER 2019

13

COVER FEATURE

14

SEPTEMBER 2019

www.tahawultech.com

“QUEST IS EQUIPPED WITH THE RIGHT TOOLS AND SKILLS TO ENABLE ORGANISATIONS TO SEAMLESSLY MOVE CUSTOMERS’ WORKLOADS FROM THEIR DATA CENTRES TO THE CLOUD WHILE ENSURING THAT THE RIGHT SAFEGUARDS ARE APPLIED.” Quest and One Identity provide tools and services that help companies move seamlessly to cloud environments without any disruption, in a cost-effective and secure way. We provide a seamless way for users to roll back workloads in case of server or link failure. More than saving time and effort, this process allows us to provide our customers with the confidence and safety that can help prevent unfortunate accidents during cloud migration. How has the move to the cloud impacted how Middle East firms view data management and protection? As organisations deal with increasingly complex IT systems they seek better ways to manage, monitor, and protect their data and cloud is the key. Cloud has enabled enterprises today to be more agile. With cloud, data can be easily and rapidly shared across multiple computing systems within an organisation or across third-parties. It also enables them to have a more flexible infrastructure that allows them to seamlessly scale up or down to handle bigger workloads. Organisations are increasingly seeing the true value of the cloud from cost-savings, to increased uptime to security. Global cloud providers are investing significantly to ensure that their offerings are embedded with the right security measures to safeguard their customers’ data. This then drives enterprises to trust cloud platforms more and more.

www.tahawultech.com

Furthermore, the introduction of legislations such as the EU General Data Protection Regulation (GDPR) have pushed both cloud providers and enterprise customers to be more responsible in using and safeguarding their data. What is the biggest security concern that cloud-based organisations have? For any organisation in the cloud, safeguarding sensitive data such as user identity is of utmost importance. Quest, through its One Identity offerings, provides comprehensive identity governance, access management and privileged management, and identity solutions that help organisations harness the value of their data unimpeded by cyber threats. What is Quest’s main principle in helping organisations stay secure in the age of cloud? Quest’s strategy is split into multiple points. First, we advise customers to maintain a “clean” active directory and we provide them with tools to ensure all user accounts there are for real active users. Second, we enable users to selfserve and use one set of credentials to access all their data. Third, we provide the organisation with tools to monitor those IDs and their activity on the network. This helps organisation manage and secure identities from the date of creation, through the life cycle, up until they decommission the user.

SEPTEMBER 2019

15

INTERVIEW

DATA GUARDIAN

AS A TECHNOLOGY SERVICES COMPANY THAT PROVIDES VISA PROCESSING AND PASSPORT ISSUANCE RELATED SERVICES, VFS GLOBAL HANDLES OVER 21 MILLION VISA APPLICATIONS PER YEAR ACROSS 144 COUNTRIES. GROUP DATA PROTECTION OFFICER BARRY COOK SPEAKS TO SECURITY ADVISOR ME ABOUT MANAGING SENSITIVE DATA AND BEING GDPR-COMPLIANT.

W

Barry Cook, VFS

hat does your role as the Privacy and Data Protection Officer at VFS Global entail? My role is primarily focused on compliance. I am responsible for ensuring that the VFS Global Group is adhering to all the necessary data protection legislations across all the 144 countries it operates in. In addition, I have a secondary role, which is to act as an advisor to various business units within the VFS Global Group on how they can operate within the boundaries of the different legislations. This also extends to our product development team, where I make sure that all our offerings are compliant and fully operational right from the beginning. Ensuring that VFS is compliant to all the data protection laws and regulations in over 140

16

SEPTEMBER 2019

www.tahawultech.com

countries must be a daunting task. What kind of strategy have you put in place to ensure that you don’t have any gaps? Apart from employing the right people, what we have done is used the EU General Data Protection Regulation (GDPR) as the baseline of our corporate data protection standards. Data protection laws in multiple countries tend to have similarities. They have certain principles that they all follow and so taking GDPR as the gold standard sets us in the right path to being compliant in a majority of the countries we operate in. By doing so, we only need to look for any specific variations in the laws in each country rather than having to start from scratch.

with. So, making that jump to become GDPR-compliant was relatively easy for us because we have that framework in place. Also, at the corporate level we’ve always had a culture that’s very much aware of how vital data privacy is and why it’s necessary to be compliant to regulations. Where we faced challenges was in conducting audits. This entailed looking into each one of the multiple data processing tools that we have. As we have a very sizeable operation, this procedure took a significant amount of time. With over 9000 employees and catering to 21 million customers annually, being GDPR-compliant is very critical for us.

It has been more than a year since the enactment of GDPR, however, many organisations still struggle with being compliant. For VFS Global in particular, how has its implementation impacted your operations? Even before its official enactment, our operations have always been aligned with the concept and objectives under GDPR. We’ve had a robust information security framework for a very long time because of the nature of our business, the volume of customers and the kinds of data that we are dealing

How do you think has the implementation of GDPR impacted how organisations view data protection? It has been tough for some companies. Although, you must remember that there have been similar regulations being imposed since 1995. So, within the European markets, while it was an important step, it was not a particularly huge shift. However, GDPR has “bigger teeth” so to speak. Therefore, companies are now being extremely careful on how they handle data as they are aware of how much it can hurt their

“HOWEVER, GDPR HAS ‘BIGGER TEETH’ SO TO SPEAK. THEREFORE, COMPANIES ARE NOW BEING EXTREMELY CAREFUL ON HOW THEY HANDLE DATA AS THEY ARE AWARE OF HOW MUCH IT CAN HURT THEIR BUSINESS FINANCIALLY DUE TO THE HEFTY FINES THAT ARE BEING IMPOSED.” www.tahawultech.com

business financially due to the hefty fines that are being imposed. In your opinion, is there a specific aspect of GDPR that needs to be finetuned so organisations will be able to better adhere to it? I think there needs to be further standardisation as there are several derogations that are being allowed in a few countries. But I think that will happen eventually, as GDPR is relatively young there’s plenty of room for improvement. I believe as more and more case laws come into European courts, we’ll get better definition of the different grey areas that exist. What do you think are the biggest challenges organisations face today? It depends on the sector where a company operates in and on the objective of an attack. For example, for a financial and healthcare sectors, data exfiltration of sensitive information such as credit card credentials and healthcare insurance details are clearly the most monetizable form of attack for cybercriminals. However, some threat actors may target intellectual property while some may simply just want to wreak havoc and disrupt the systems of an enterprise. As VFS Global what kind of technologies are you investing in to transform your business as well as the way you handle data? We are looking at blockchain, artificial intelligence and machine learning. We are planning to these trends to provide additional services to visa applicants as well as to help make work easier for government firms. One of our key objectives is to offer services or solutions that are tailored to the needs of the different government agencies to help make processing visa applications more seamless.

SEPTEMBER 2019

17

INSIGHT

ARE YOU BUILDING AN EFFECTIVE SOC? PALO ALTO NETWORKS SENIOR DIRECTOR AND CHIEF SECURITY OFFICER HAIDER PASHA SHEDS LIGHT INTO HOW AN EFFECTIVE SOC CAN ENABLE AN ORGANISATION TO DEFEND ITS DATA AND PROTECT ITS REPUTATION.

T

oday, businesses spend heavily on cybersecurity. But to get value for their money, they need an overarching strategy. The state-of-the-art approach is to build an effective security operations center (SOC). A SOC is commonly referred to as the central command center for cybersecurity operations. A team of security analysts uses advanced detection tools to identify, record and repel cyberattacks. The analysts work with a playbook of processes laying out the steps they need to take to keep their organisation secure. Many large businesses have implemented successful SOCs, especially those dealing with sensitive data such as personally identifiable information (PII). Typically, these include financial and retail companies but also those working with governments and organisations looking to digitise services and use big data.

18

SEPTEMBER 2019

More mid-sized businesses are following suit, though the majority prefer to outsource their SOC to reduce costs. Companies that offer outsourced cyber protection are known as managed security services providers (MSSP). Organisations often build a SOC when they have dozens of security tools operating across their network but struggle to make sense of all the data they produce. Large organisations typically have products from between 40 to 60 security vendors, from endpoint protection and intrusion detection systems to firewalls and scanning tools. Each security tool can generate large volumes of data about network activity and any suspicious exploits. For organisations about to embark on the SOC journey, there are five important questions that boards and chief information security officers should ask before they start building a SOC that is both customised and effective.

1

Why build it? Be clear about what you plan to achieve with a SOC. The aim is to reduce cybersecurity threats, defend the organisation’s data, and protect its reputation. What will be the key performance indicators (KPIs)? These could include incident response times. There should also be agreements between the CISO and the board that set out the level of services the SOC will offer. These can be listed in service level agreements (SLAs) which specify areas such as the speed of response and processes for reporting critical threats.

2

When to deliver? With over 30 possible SOC services, a common pressure is to try and launch everything from day one. Instead, the services should be introduced in logical stages. This could follow a capability maturity model, a methodology for laying out the evolution of software processes, typically

www.tahawultech.com

in five stages. The SOC would complete the first phase, then the CISO and board would check and assess this before moving on to the following stage. This means each stage is fully implemented and functional before going to the next.

3

How do you deliver? Decide on the processes you need to follow to make the SOC efficient. Playbooks and process diagrams are a key discussion point.

4

Who is responsible? Outside of the security division in an organisation, who else has a say to make the SOC effective? Departments such as human resources, compliance, and public relations are some common examples.

5

What is the technology set up? A key decision is which SOC tools should be used. This will depend on the

www.tahawultech.com

objectives, budgets and preferences of the security analysts and the CISO. Tools usually include a security information and event management system (SIEM). This is a dashboard which analyses all security events – possible threats – which affect an organisation’s computer network. It is important to remember that a SIEM is not a replacement for a SOC, but just one tool in the SOC’s armoury. There must also be a ticketing system, so when a threat is identified, a ticket or record is created. This allows teams to seamlessly hand over their workload to other shifts. There could also be a security orchestration and response tool (SOAR), which automates the collection and analysis of low-level threat intelligence. What is so powerful about a SOC is that it goes further than simply identifying and dealing with security incidents. Threat hunting is a vital part of the work of security analysts. They will work with cybersecurity vendors to list possible threats. And they may work with computer emergency response teams (CERTS), which are industry-wide groups that analyse security incidents. The goal is to gather data on so-called

“BUILDING AN EFFECTIVE SOC REQUIRES CLEAR THINKING AND STRONG VISION. DONE WELL, A SOC IS NOT A COST BUT AN INVESTMENT IN DATA PROTECTION AND CORPORATE REPUTATION.” indicators of compromise – as cyber threats are known – and allow analysts to compare the threats they receive with other companies in their field. Building an effective SOC requires clear thinking and strong vision. Done well, a SOC is not a cost but an investment in data protection and corporate reputation. As you plan the cybersecurity strategy for your organisation – and consider the essential tools – here are some key takeaways: • Organisations create a security operations center when they have dozens of cybersecurity tools operating across their network and need visibility and context to identify threats and reduce risk. • A SOC not only identifies and responds to security threats, it also hunts and predicts possible sources of attack. • The what, when, how, and who questions can only be answered when we can clearly articulate why we are building a SOC. • A SOC helps organisations move from reactive to proactive threat management.

SEPTEMBER 2019

19

OPINION

THE NEW NORMAL

ERSIN UZUN, VICE PRESIDENT, DIRECTOR OF SYSTEM SCIENCES LABORATORY, PARC, A XEROX COMPANY, GIVES HIS TAKE ON WHY SECURITY IS NOW ONLY BECOMING AN IMPORTANT CONSIDERATION FOR MANY ORGANISATIONS.

O

ver the past decade, we’ve seen a proliferation of smart devices that possess the capabilities of information processing and network connectivity. The defining characteristic of the Internet of Things (IoT) is that devices, previously restricted to their physical environment, are now connected to a computer network. This network could be a home network, an industrial intranet or even the whole internet. This means that a device, or a gateway that connects a device to the network, is accessible by someone who presents the right credentials, or bypasses the credentials altogether. As computation and connectivity have become commoditized, they have spawned a plethora of solutions that automate, improve and simplify key tasks in industrial control — from gathering sensor readings on the performance targets of a conveyor-based motor car production line, to verifying the freshness of a food shipment in a smart supply chain, to programming a CNC machine to precisely cut a block of metal into the right shape. They have also, unfortunately, exposed a rich attack surface that can be exploited by malicious hackers.

20

SEPTEMBER 2019

Consider, for example, the infamous Stuxnet worm that was used to attack Iranian nuclear installations. A malicious program was inserted into the unit that controlled the operation of the centrifuges in the nuclear reactor. This program caused infrequent changes in the speed at which the centrifuges rotate, which, over a period of time, would cause the centrifuges to deteriorate and fail. What made Stuxnet extremely hard to detect was that the telemetry from the centrifuges was spoofed, i.e., whenever the controller was asked to report the speed of the centrifuges, it would still report benign, expected values rather than the altered velocities induced by the worm. Designed-in security is a worthy objective, but hard to achieve It is often claimed that the way to address this new set of cyber-physical security challenges is to construct systems that are “secure by design.” This requires a system designer to develop an understanding of an attacker’s incentives and the various ways in which he or she can compromise the operations of the system. In the recent Mirai botnet attacks, for example, the adversaries accessed

their targets using commonly used default passwords, which had never been altered by their users. This simple attack infiltrated tens of thousands of devices. The goal of designed-in security is to incorporate measures and protocols that will prevent as many known attack scenarios as possible. A bigger challenge for the security engineer is figuring out how to deal with attack methods that are hitherto unknown, and to design the system in such a way that it can mitigate the negative consequences of such novel attacks. This is a precarious undertaking, and for many IoT systems, this type of designed-in security may be hard to achieve. That’s because many systems — think of the smart power grid, portions of which may have been in operation for decades — contain legacy equipment with old processes and protocols that must be brought up to date with current security best practices, a task easier said than done. It’s not just legacy devices that are hard to secure Some industrial and enterprise applications require a new class of lightweight, low- power, cheap sensors that are deployed in swarms of hundreds or thousands. These devices may power up intermittently or be passive and draw power from other devices in their vicinity. They might engage in opportunistic communication with listening devices in their neighborhood but could remain silent most of the time. The secure communication and storage mechanisms that are typically deployed in cybersecurity solutions are far too complex to be implemented on such lightweight devices. In addition to the conventional protocols for secure communication, secure data storage and key management, we need security approaches that inter-operate across a vast range of device capabilities.

www.tahawultech.com

SANS Gulf Region 16 - 28 NOVEMBER

SEC 560 Network Penetration Testing and Ethical Hacking

FOR 572

W

Advanced Incident Response, Threat Hunting, and Digital Forensics

NE

W

NE

FOR 508

Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

SEC 599 Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

SEC 401

SEC 504

Security Essentials Bootcamp Style

Hacker Tools, Continuous Monitoring Techniques, Exploits, and Security and Incident Handling Operations

FOR 585

FOR 610

Smartphone Forensic Analysis In-Depth

SEC 511

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

ICS 410 ICS/SCADA Security Essentials

“This training is an excellent way for me to level up my career. Two days in and I’ve already grown.” SEC504 STUDENT, COLTEN PEDDIE, NUTRIEN

Book your place at www.sans.org/gulfregion-nov-2019 +971 04 431 0761

www.sans.org/emea

mea@sans.org

@sansemea

INTERVIEW

SECURITY AT THE CORE

ALAN SALDICH, CHIEF MARKETING OFFICER, CORELIGHT, DISCUSSES HOW THE COMPANY’S GLOBAL EXPERTISE CAN ENABLE MIDDLE EAST ORGANISATIONS ENHANCE THEIR SECURITY POSTURES.

Alan Saldich, Corelight

C

an you please give an overview of Corelight’s operations and offerings? Corelight provides solutions based on an open-source software project called “Zeek” formerly known as Bro. Created by co-founder Dr. Vern Paxson more than two decades ago, Zeek is being used by thousands of organisations around the world; taught by technology firms such as SANS and Cisco as part of their security training curriculum; and incorporated into dozens of commercial security products. As an open-source software, many people contribute to the project. However, all of the core developers on the Zeek project work for Corelight, which gives us a strategic advantage in the market. The power of Zeek is its capability to ingest raw packets and extract hundreds of elements of data that are specifically curated for network forensics, incident response and threat hunting. That data is parsed, structured and exported in real-time to the customer’s analytics stack (typically a SIEM like Splunk, Elastic, Exabeam, Securonix, ArcSight, QRadar or virtually any other analytics platform). The logs Zeek produces can be augmented with third-party or internal data to make them more useful, and Corelight customers can also add their own customised detections or those that were created by other members of the Zeek open source community.

22

SEPTEMBER 2019

Coreight Sensors are available as physical appliances, virtual or clouddeployable systems, which can be installed in about 15 minutes and begin capturing valuable data immediately. Why is the Middle East an important market for Corelight? Cybersecurity has become a top priority for organisations in the Middle East. A recent report by PwC has found that businesses in the Middle East are more prone to cyber-attacks than those anywhere else in the world. With this in mind, we believe that regional firms including government agencies will see the same value in our offerings as US and European organisations have. We aim to show them how our offering can be an integral part of their security stacks as they modernise and become more data-driven in strengthening their security postures. Today, we already have significant business in the Middle East and since protecting the network is one of the most fundamental aspects of security for any organisation, we think the opportunity in the region is massive. What best practices should enterprises undertake to strengthen their network security strategies? The number one thing Corelight recommends is to start collecting data “yesterday” – or, in other words, as soon as possible!

You only get one chance to capture data and since Zeek logs are very compact - they can be kept for years at modest costs - it makes sense to install sensors now and begin collecting the data even if a security team is not finished designing its next-generation security stack yet. Whatever SIEM, SOAR or detection methodology a customer selects, and whether they make that selection next week or next year, their security teams will be thankful they began collecting data early so that it’s at their fingertips when they need it to defend themselves. What can regional organisations expect from Corelight in the coming months? Corelight’s regional presence now includes a regional hub in Dubai servicing the GCC and the wider Middle East region. This includes sales, pre-sales, and customer success teams. Along with our local partners, our objective is to provide the same local support and expertise to customers in the Middle East that we give to our customers around the world. We also aim to work closely with security professionals and customers to provide ongoing local training, support as well as thought leadership events to promote advanced techniques in dealing with incident response, threat hunting, and network evidence-based forensics using Corelight’s technology.

www.tahawultech.com

INSIGHT

5G: A SECURITY BANE OR BOON? ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, COUNTRY MANAGER FOR UAE GAMAL EMARA DELVES INTO THE IMPACT OF 5G EVOLUTION ON DATA OWNERSHIP.

5

G, the latest generation of cellular networks is dominating media headlines and capturing everyone’s imagination. Among all this noise, one of the growing topics of debate is the continued relevance of Wi-Fi in a 5G world, with many commentators starting to speculate that the newer technology will make the other redundant. Far from this being the case, there are several well-used and very credible arguments that point towards a more hybrid future for 5G and Wi-Fi – mainly relating to the probable cost of the

24

SEPTEMBER 2019

network and the scale of the necessary infrastructure and device upgrades. One argument that hasn’t had much airtime, however, is the one around data ownership. And it is something I think is very worth discussing. Delivering data-driven customer experiences I have spent a lot of time recently thinking about the future of customer experiences. In order to differentiate in the digital era, and respond to both market and stakeholder expectations, Aruba believes that companies need to deliver more connected, timely and personalised experiences to their audiences. Data sits right at the heart of analysing, creating, and delivering these

www.tahawultech.com

“BY MOVING TO 5G CONNECTIVITY, COMPANIES WOULD EFFECTIVELY BE SENDING THEIR DATA OFFSITE TO A CARRIER NETWORK ONLY FOR IT TO GET ROUTED BACK TO A DEVICE ONSITE.”

experiences. So, what happens if (in the most extreme scenario) you turn off your Wi-Fi network and put all your traffic through a 5G network? Who do you think owns all that valuable data? Hint – it’s not you anymore. Sure, you might have no immediate plans to harness all that intelligence yourself – but in an increasingly datadriven world that won’t remain the case for long. And what about the more immediate implications of moving to a carrier-hosted network? There are four primary areas of concern for any enterprise that might consider switching to 5G connectivity in the future: 1. Analytics – Aside from possibly being

www.tahawultech.com

used to deliver improved customer experiences, there are a number of other ways network data feeds into the day-to-day analytics of a business. These include being used for security analytics i.e. looking for bad or anomalous actions on the network, such as a device downloading data at a time of day it normally wouldn’t, and location analytics where the data is used to get a sense of traffic patterns and real-estate utilisation. None of this analysis would be possible without visibility of who is on the network, where they are, and what they are doing. 2. Privacy – If the analytics argument is about making sure an enterprise can see its data, the privacy one is about making sure no one else can. With a cellular network model, you are automatically introducing people outside of the company into the data chain. You’d be hard pressed to find any company today that wouldn’t have concerns about allowing its data to be situated in a place where an outsider might have even the slightest chance of looking at it. 3. Performance – By moving to 5G connectivity, companies would effectively be sending their data offsite to a carrier network only for it to get routed back to a device onsite. Having a convoluted data path like this would

not only increase the risk of latency issues, but it would also prevent the company from troubleshooting any issues. The knock-on effect of this is a loss of both productivity and a satisfying user experience. 4. Security – With security more front of mind than ever, today’s enterprises are employing an increasingly sophisticated variety of methods to authenticate users onto the network – segmenting what they can access, from where, and on what device. Though they do have some level of authentication, current cellular systems are unable to match this depth. Going through a carrier for authentication would also add extra steps to any requests to edit people’s access or remove them from the network (i.e. if they leave), all of which could have security implications for a company. It gets you thinking, doesn’t it? With so much hype around 5G, there is a very real danger of companies getting carried away with all the possibilities and jumping into it without looking. As it starts to roll out more widely, I would counsel companies to think very carefully about how they plan out its use versus Wi-Fi. And, crucially, how this will impact the ownership and control of their data.

SEPTEMBER 2019

25

FEATURE

THE OTHER SIDE OF THE COIN AS CRYPTOCURRENCIES CONTINUE TO GAIN MOMENTUM OVER THE PAST FEW MONTHS, THREAT ACTORS ARE EMPLOYING NUMEROUS TECHNIQUES TO EXPLOIT CRYPTOCURRENCY INVESTORS. DANIEL BARDSLEY SPEAKS TO EXPERTS TO DISCUSS HOW THE INDUSTRY CAN BE REGULATED TO FEND OFF FRAUDSTERS.

T

he United States president, Donald Trump, is never far from the headlines, and in July it was, among much else, his comments on Twitter about cryptocurrencies that were creating a stir. Saying that he was “not a fan of Bitcoin and other cryptocurrencies”, Trump described the value of them as “highly volatile and based on thin air”. “Unregulated crypto assets can facilitate unlawful behaviour, including drug trade and other illegal activity,” he said. Aside from the question of whether cryptocurrencies do, indeed, allow underground activity to flourish, the cryptocurrency market remains caught up in multiple security issues.

26

SEPTEMBER 2019

In the UAE this was brought to light by recent false claims that Sheikh Mohammed Bin Zayed, the Crown Prince of Abu Dhabi and Deputy Supreme Commander of the UAE Armed Forces, had set up a Bitcoin trading scheme. As media in the Emirates reported, the Facebook-promoted scam, which had no connection to Sheikh Mohammed, had asked people for $250 (Dh918) to sign up. Indeed cryptocurrency scams involving made-up endorsements by well-known individuals and fake internet trading platforms are a regular problem. For example, reports from earlier this year said that the Financial Conduct Authority in the United Kingdom had seen a tripling in the number of cryptocurrency and foreign exchange frauds over the previous 12 months. Yet another cryptocurrency-related

scam was brought to light recently by the cybersecurity company ESET. An ESET researcher unearthed fake cryptocurrency apps that impersonated the Turkish cryptocurrency exchange BtcTurk in an effort to get users’ login credentials. The company reported that the fraudulent apps are able to get around two-factor authentication based on SMS. In some cases, the cryptocurrency exchanges themselves raise concerns, which is perhaps unsurprising given the lack of regulation in the sector. While many cryptocurrency exchanges do not indulge in underhand practices, some are said to inflate their trading volume. Media recently said, for example, that one exchange registered in the British Virgin Islands was passing off trades that took place on another exchange as its own.

www.tahawultech.com

Indeed, some reports have suggested that the majority of trading volume reported by some exchanges is fake. Alameda Research, described as a quantitative cryptocurrency trading company, has published findings that suggest that the trading reports of as many as 60 exchanges are unreliable. “This is a sector in its very early stages; there’s not a lot of regulation and so on around the running of these exchanges,” says Professor William Knottenbelt, of the Department of Computing at Imperial College London. “If you’re an exchange and you don’t charge fees on your transactions, you can put through fake trades by trading with yourselves as much as you like. You’re trading from one account to another and backwards. You’re just creating volume. “There have been some very nice studies that [suggest that] up to 95

www.tahawultech.com

percent of the trading volume on some exchanges is actually fake.” He says that the trading volumes reported by exchange is often “suspiciously regular” and follows a perfect sine curve, which is a curve that shows regular oscillations of the same amplitude. By inflating their trading volume, exchanges improve their position in rankings, meaning that they will be better able to charge higher rates to cryptocurrencies that are keen to be listed. “With trading volume, it’s about trying to misrepresent how important you are as an exchange, with the idea that the more volume you say you’re doing, the more volume you will attract,” says Knottenbelt. “Until they get regulated like other financial exchanges, this is probably going to be a problem, at least for

some exchanges that don’t have proper transaction fee policies.” The way that cryptocurrencies are traded “on several exchanges that are all over the world” makes regulation difficult, according to Dr Andrea Baronchelli, a senior lecturer in the school of mathematics, computer science and engineering at City, University of London. “It’s clear it’s difficult to have control of all of these exchanges. I would say that these markets are more difficult [to regulate],” he says. “How markets are providing their data is something you don’t control. It’s easy to imagine in some cases transparency can be altered and the volume [claimed] is the sum of the volumes reported or measured in all these exchanges.” Another reason why the cryptocurrency markets tend to

SEPTEMBER 2019

27

FEATURE

spark concerns may be the type of people involved, according to Professor Olinga Taeed, director of the Centre for Citizenship, Enterprise and Governance, a think-tank focusing on the movement of non-financial value. Taeed says that the way that markets came out of the initial coin offering (ICO) world, which is rife with scams and hacked money, helps to explain why cryptocurrencies are often tied up with fraud. “These same actors, they started moving heavily to the exchanges. The exchanges are where everything goes through. It’s no different than in the ICO world,” says Taeed, who was recently appointed by China’s Ministry of Commerce to the China E-Commerce Blockchain Committee. “The exchanges are generally unregulated and full of extremely bad actors – the same people who were doing scamming of ICOs.” Taeed says there are also “cultural factors” at play, with many of those involved in the market being aged under 30, or older individuals looking to make money in a new field. Parts of the cryptocurrency sector are, however, regulated and reliable, with Dubai having been particularly enthusiastic to embrace the legitimate opportunities of blockchain.

Professor William Knottenbelt, Imperial College London

“THIS IS A SECTOR IN ITS VERY EARLY STAGES; THERE’S NOT A LOT OF REGULATION AND SO ON AROUND THE RUNNING OF THESE EXCHANGES.” For example, the emirate has the Habibi coin, which is Shariah compliant, and the BitOasis cryptocurrency exchange. Also, the government in Dubai announced two years ago that it was creating what was described as the first state-issued cryptocurrency, emCash. None other than Facebook recently announced its intention to launch a digital currency, Libra, although this plan drew the ire of politicians concerned that the company, affected by numerous data scandals, was not sufficiently trustworthy. Indeed it was Facebook’s proposal that seemed to have sparked Trump’s Twitter tirade against cryptocurrencies, as he went on to direct his fury at the plan. The US president said that Libra would have “little standing or dependability” and added that “if Facebook and other companies want to

Olinga Taeed, Centre for Citizenship, Enterprise and Governance – United Kingdom

“THE EXCHANGES ARE WHERE EVERYTHING GOES THROUGH. IT’S NO DIFFERENT THAN IN THE ICO WORLD. THE EXCHANGES ARE GENERALLY UNREGULATED AND FULL OF EXTREMELY BAD ACTORS – THE SAME PEOPLE WHO WERE DOING SCAMMING OF ICOS.” 28

SEPTEMBER 2019

be a bank”, they should seek a banking charter and become subject to banking regulations. So will things ultimately change so that the cryptocurrency markets achieve the level of regulatory oversight seen in other financial markets? Baronchelli for one thinks that a tightening of the regulatory regime will be difficult to achieve. “Who is the regulator here? The problem is these markets are everywhere. Who should regulate them? What entities [operate] on such a scale?” he asks. Taeed says that a cryptocurrency market that was subject to heavy regulation, if such regulation could be achieved, would lose some of its purpose for existing. “Any regulation will dampen the spirit of what it’s all about. The regulators want to bring it under a financial instrument to protect the public. The whole point of crypto was to be antiauthority, anti-establishment,” he says. Regulation would lead to a situation where, instead of using cryptocurrency, “you may as well use cash”, according to Taeed. “The head of Facebook is saying, ‘Yes, we want to be regulated.’ In that case, what’s the point of that? All they’re doing is making a Facebook PayPal,” says Taeed. “So Facebook has had a lot of hostility from the crypto-market because it doesn’t have the ethos of being a rebel.”

www.tahawultech.com

6TH OCTOBER 2019 EMIRATES TOWERS DUBAI

#futureenterpriseawards facebook.com/ tahawultech

twitter.com/ tahawultech

linkedin.com/in/ tahawultech

instagram.com/ tahawultech

www.tahawultech.com/futureenterprise/2019/ For sponsorship enquiries Kausar Syed Group Sales Director kausar.syed@cpimediagroup.com +971 4 440 9130 / +971 50 758 6672

Youssef Hariz Business Development Manager youssef.Hariz@cpimediagroup.com +971 4 440 9111 / +971 56 665 8683

Sabita Miranda Senior Sales Manager sabita.miranda@cpimediagroup.com +971 4 440 9128 / +971 50 778 2771

DIAMOND PARTNER

DIGITAL INNOVATION PARTNER

ADVANCED COMPUTING PARTNER

GOLD PARTNERS

HOSTED BY

OFFICIAL PUBLICATION

ORGANISER

FEATURE

LOOKS CAN BE DECEIVING THE RISE OF DEEPFAKES IS CHALLENGING THE IDEA THAT SEEING IS BELIEVING. THE AI-BASED TECHNOLOGY IS INCREASINGLY RAISING CONCERNS OVER HOW IT COULD BE USED TO SPREAD MISINFORMATION AND DAMAGE PUBLIC TRUST. SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS THE FARREACHING IMPLICATIONS OF DEEPFAKE TECHNOLOGY.

30

SEPTEMBER 2019

www.tahawultech.com

I

n a recent video, Mark Zuckerberg, the founder of Facebook, sits in front of a television camera and explains where his inspiration comes from. “Imagine this for a second: One man with total control of billions of people’s stolen data. All their secrets, their lives, their futures. I owe it all to Spectre,” he says. “Spectre showed me that whoever controls the data, controls the future.” They are surprising words to hear from the Silicon Valley billionaire and, although Zuckerberg appears to mouth them in the video, in reality they were never spoken by him. Instead, the clip in question is a “deepfake” video, an artificially generated sequence that is surprisingly convincing. The video of Zuckerberg created quite a stir on its release in June, although it is just one among many deepfakes to have been produced. An array of other well-known people, from Donald Trump to Marilyn Monroe, from Barack Obama to Salvador Dali, have been featured in similar artificially generated footage. Indeed, reports say that thousands of deepfake videos have appeared in the past two years or so, many of them involving one face, typically that of a well-known person, being added in place of another.

“Technology that makes it impossible for the human eye to distinguish between real and deepfakes is already here and being deployed in a variety of realms,” says Dr Eileen Donahoe, executive director of the Global Digital Policy Incubator at the Cyber Policy Centre at Stanford University in the United States. So, the concerns that these deepfake videos generate is obvious: in today’s world, we can hardly tell what is real and what is fake. The implications of this could be significant, particularly when it comes to democratic processes. Artificially generated footage of politicians making outrageous comments could be uploaded to the internet, potentially affecting election results. Experts have said that deepfake videos are produced by the antagonistic actions of two artificial intelligence algorithms that have been trained on thousands of images of the person the video will feature. The method involves one algorithm (the generator) producing a video to try to fool another algorithm (the discriminator), which has been set up to identify fakes. If the generator produces a video with a characteristic that is unconvincing, it will be rejected by the discriminator. The generator then uses the information it gains from that rejection to come up with a better video, one without the giveaway flaw in the previous one.

Professor Siwei Lyu, University at Albany

“STOPPING DEEPFAKES FROM BEING PRODUCED IS THE IDEAL APPROACH, BECAUSE REMOVING DEEPFAKES ONCE THEY HAVE BEEN UPLOADED ONTO PLATFORMS IS FAR FROM BEING A PERFECT SOLUTION.” www.tahawultech.com

This iterative process based on “generative adversarial networks” leads to highly convincing videos, such as the recent one of Zuckerberg, and can produce a wide array of other artificial output, including photos and music. Given that the stage has been reached, or almost reached, when people can no longer tell the difference between real and deepfake videos, it raises the question of whether technology can do what human ears and eyes are no longer able to and identify the fakes. A London-based company called Faculty has told media that there is an “arms race” between technology creating deepfakes, and technology trying to detect them. Faculty’s work involves producing fake videos to help train systems to identify what is real and what is not. Academics, as well as commercial companies, are also interested in the subject. Among the researchers involved is Professor Siwei Lyu, direct of the Computer Vision and Machine Learning Laboratory at the University at Albany, State University of New York. Lyu says that concerns about the ability of deepfake videos to fool people are justified because the technology has developed “quite rapidly in recent years, especially in recent months”. Most of Lyu’s work involves finding ways to detect whether videos are real or fake using an algorithm that can determine whether all or part of a video is fake. Another fascinating strand of Lyu’s research centres on preventing the creation of deepfake videos in the first place. “Stopping deepfakes from being produced is the ideal approach, because removing deepfakes once they have been uploaded onto platforms is far from being a perfect solution,” explains Lyu.

SEPTEMBER 2019

31

FEATURE

Deepfakes can spread virally and their impact, even if it later becomes widely known that they are fake, may never be erased. As commentators have noted, if a deepfake video of a politician is released a day or two before an election, that individual’s election campaign may have been affected fatally even if it is subsequently shown to be fake. So Lyu is looking at how to limit the access of algorithms to the many photographs that they need while being trained to produce the deepfake video. When analysing photographs, the algorithms have to identify the face of the target person, much like a camera will identify a person’s face and enclose it in a white box on the screen as a photograph is taken. “The neural network has to be trained only with the face of the target in the image and as little as possible other background,” says Lyu. “They have to find these images using a face detector and crop them out with the face. What we’re trying to do here is to break the face detectors.” Using an approach that involves “adversarial perturbation”, a small amount of noise specifically designed for the face detectors is introduced into the images that train the algorithm.

The face detectors will consequently be unable to detect where the face is, preventing the algorithm from using the image for training. Lyu thinks that technology of the type that he is developing could be offered to social media users so that when they upload their pictures or videos, some noise could be introduced. This would prevent that person’s videos and images from being used in the generation of a deepfake video. “It could be something offered by the platform, protecting my identity from being used,” says Lyu. “The noises we add in are quite subtle; a human looking at these images may not see it by their eye.” As well as technological solutions of the kind being developed by Lyu, legislative measures are another approach to combat harmful deepfakes. However, Donahoe, a former United

Dr Eileen Donahoe, Standford University

“TECHNOLOGY THAT MAKES IT IMPOSSIBLE FOR THE HUMAN EYE TO DISTINGUISH BETWEEN REAL AND DEEPFAKES IS ALREADY HERE AND BEING DEPLOYED IN A VARIETY OF REALMS.” 32

SEPTEMBER 2019

States ambassador to the United Nations Human Rights Council, highlights a dilemma at the heart of such efforts. “It is really challenging to craft regulatory responses to malign deepfakes that do not undercut the core value of free expression,” she says. “There are some interesting proposals being developed which extrapolate from existing concepts of consumer fraud. But it is as important to make sure regulators do not drift into overreach and censorship, and thereby undermine democratic values in the name of protecting democracy.” Social media companies themselves may have an important gatekeeping role, with Donahoe saying that they “should embrace a sense of deep responsibility for the deleterious effects of their products and services”. She cautions though that it is not yet possible to identify and catch malign deepfakes at upload “without also restricting free expression”. “Private sector companies need to be working with stakeholders from civil society, government and even across platforms to find an effective way to combat malign use of deepfakes,” says Donahoe. “But no one should think this is a simple problem to solve. The starting place for this work is to build resilience against manipulation in all sectors of society.”

www.tahawultech.com

FEATURE

FACING FACTS

THE MARKET FOR FACIAL RECOGNITION TECHNOLOGIES IS EXPECTED TO GROW TO $9.6 BILLION BY 2022, ACCORDING RECENT INDUSTRY INSIGHTS. TODAY, IT IS BEING USED IN A VARIETY OF WAYS FROM ALLOWING YOU TO UNLOCK YOUR PHONE, GO THROUGH SECURITY AT THE AIRPORT AND NOW IT IS INCREASINGLY BEING USED BY LAW ENFORCEMENT AGENCIES FOR SURVEILLANCE AND SECURITY. HOWEVER, JUST LIKE WITH ANY OTHER NEW TECHNOLOGY, FACIAL RECOGNITION BRINGS POSITIVES AND NEGATIVES WITH IT, DANIEL BARDSLEY REPORTS.

A

s you walk outside onto the street, a camera picks up your image – and before long, the police are able to identify who you are. This might sound like a scene from an outlandish novel set in the future, but it is fast becoming reality thanks to automated facial recognition (AFR) technology. Today it is being used by authorities, especially police, from the United Arab Emirates to the United States, from the United Kingdom to China.

www.tahawultech.com

“I think it’s a technological solution to an age-old problem, which is how to identify people who pose a potential risk to public safety,” says Professor Martin Innes, director of the Crime and Security Research Institute at Cardiff University in the United Kingdom. “It marries up the kinds of thinking that have been associated with CCTV monitoring of public spaces with a bigdata approach.” Also referred to as automatic facial recognition technology, it is being employed in Dubai to considerable effect, according to reports. The city’s police force has said that its use has led to the identification and

SEPTEMBER 2019

33

FEATURE

apprehension of significant numbers of offenders. In association with CCTV cameras, of which there are thousands around Dubai, AFR has reportedly helped Dubai Police to arrest 319 suspects in 2018. Operating in the emirate as part of the Oyoon (“eyes”) initiative, the technology involves artificial intelligence (AI) and works in conjunction with photographs of criminals uploaded to a police database. While the law enforcement side of AFR often grabs the headlines, there is much interest in using the technology in other contexts. For several years it has been used in Dubai and Abu Dhabi to identify workers and clock them in and out of construction sites. In another context, shops may be keen to identify customers – either as individuals or as members of a particular age group or sex– so that they can be presented with personally tailored offers. There are also solutions aimed at the hospitality sector. A Russian and Cyprus-based company called FindFace says that its technology enables individuals involved in events to be recognised and registered automatically so that name badges can be printed out faster. The technology can also be used to determine who is allowed entry to events without individuals having a show a name badge. AFR, which is also commonly used by mobile phones to verify the identity of users, is a biometric technology that

compares a “map” of points on a person’s face to a database to look for a match. Variables such as the depth of the eye sockets and the distance between the eyes are used to build up a 3D map of the face, which can be compared to information in a database. It is a technology that has advanced thanks to improvements in processing power, deep learning and the widespread availability of images on social media sites. However, for all the technological

Professor Martin Innes, Cardiff University

“I THINK IT’S A TECHNOLOGICAL SOLUTION TO AN AGE-OLD PROBLEM, WHICH IS HOW TO IDENTIFY PEOPLE WHO POSE A POTENTIAL RISK TO PUBLIC SAFETY.” 34

SEPTEMBER 2019

advances, there are significant concerns about AFR’s effectiveness. In particular, there have been critical comments over the technology’s reliability – or lack of it – in identifying individuals, with one report suggesting that during an initiative by London’s Metropolitan Police to evaluate AFR, it was “96 per cent inaccurate”. There have been concerns that the accuracy of AFR varies according to the gender and race of the subject, with white males least likely to be misidentified, something thought to result from the type of faces used to train the computers. “That brings in this question of the extent to which we fully understand the biases, fully understand the problems that the technology can bring,” says Professor Andrew Charlesworth, a professor of law, innovation and society at the University of Bristol in the United Kingdom. “We may aggravate the fundamental

www.tahawultech.com

Professor Andrew Charlesworth, University of Bristol

“WE MAY AGGRAVATE THE FUNDAMENTAL RIGHTS PROBLEMS IN TERMS OF PRIVACY, IN TERMS OF DATA PROTECTION.”

rights problems in terms of privacy, in terms of data protection.” Just as police in Dubai and London have been using AFR, their counterparts in South Wales in the United Kingdom have, since 2017, been employing the technology. Innes at Cardiff University, who has analysed the South Wales Police AFR trials, says that its use in policing throws up “quite profound” technical challenges. There is no controlled lighting and individuals are unlikely to be facing directly at the camera, for example, in stark contrast to when AFR is used in passport gates. However, Innes says that the technology is becoming able to overcome difficulties of real-world use. “What our work demonstrated was that, over a period of a year, as the [South Wales] police got better at using it, there were significant advances,” says Innes, who notes that the technology requires a person to analyse results and so is better described as “assisted”

www.tahawultech.com

rather than “automated” facial recognition. “When it started, it was making very few identifications. After 12 months, it was making substantially more.” Part of the reason for the better performance, he says, were upgrades to the algorithm on which the system was based. “It made a substantial improvement in the ability of the system to generate matches,” he says. In a recently published study, scientists at Bradford University in the United Kingdom found that by training a computer model with partial faces, they could achieve 90 percent accuracy when the system was given only sections of faces to view, whether that was, for example, the bottom half of a face or just the eyes and nose. The system makes use of convolutional neural networks, which employ machine learning and are particularly suited to analysing visual stimuli. Improvements in the accuracy of AFR cannot, however, immediately overcome the privacy-related concerns linked to the technology. In May, San Francisco banned the city’s police and other local agencies from using AFR, and other American cities have since passed or are looking to pass similar prohibitions. There are moves to outlaw the technology from police body cameras across California. Meanwhile, a police body camera manufacturer, Axon, recently announced that it was forbidding the use of AFR

in its equipment, something that news reports suggested was aimed at preempting a ban. Megan Goulding, a lawyer with a UKbased rights group called Liberty, which is supporting the legal challenge to the use of AFR in Wales, has previously described facial recognition as “an inherently intrusive technology” that breaches the privacy of individuals and “has no place on our streets”. “It risks fundamentally altering our public spaces, forcing us to monitor where we go and who with, seriously undermining our freedom of expression,” she said in a statement. While some argue against AFR, others say that employing it is not fundamentally different from having CCTV cameras capturing footage. Professor Mark Nixon, president of the biometrics council of the Institute of Electrical and Electronics Engineers, described as the world’s largest technical professional organisation for the advancement of technology, says that the use of biometric data, such as when AFR is employed, is “caught up in the wider issue” of privacy. “I think biometrics make our life more convenient and easier. Clearly there’s public concern and that’s for governments to sort out. It does make life easier. I think we’ll see [biometrics used] more and more,” he says. “We want society to be more secure and more convenient, and I think biometrics can deliver that.”

SEPTEMBER 2019

35

INSIGHT

BACK TO BASICS MAHMOUD MOUNIR, REGIONAL DIRECTOR, SECUREWORKS MEA, SHARES INSIGHTS INTO THE FUNDAMENTAL CYBERSECURITY ASPECTS THAT ORGANISATIONS SHOULD KEEP IN MIND.

C

ybercriminals continue to leverage and coalesce around tactics that they know will work, because organisations today still struggle to tackle the basics of cybersecurity, according to Secureworks’ 2019 Incident Response Insights Report. Here are five recommendations that organisations should focus on to improve their security posture:

and SSO pages, should require users to provide a one-time password (OTP) in addition to their regular password. The OTP can be generated from a physical token or a software app. Though deprecated by some standards, an OTP via SMS message to the user’s phone is better than a single factor. This rule should apply to all users, especially senior managers and suppliers/vendors that need access to the organization’s systems.

1. Choose a framework It is easy for organizations to examine incidents and their ensuing root cause analyses in isolation and develop pointin-time solutions to address the issues. But building a security program around an existing industry standard framework ensures that the organization addresses many of the security gaps, and not just the systems that have already been compromised. While there are a number of frameworks to choose from, the practical and pragmatic CIS Controls framework includes straightforward guidance for defenders.

3. Increase visibility Incident response efforts are often hampered by a lack of visibility in the environment. This condition may be due to a lack of historical logs that allows network defenders to forensically piece together what happened, or it may be due to a lack of appropriate tools to monitor for ongoing threat actor activity. Organizations should check that log policies are configured to log useful data for an appropriate amount of time. Endpoint monitoring tools are essential for detecting suspicious activity in the environment after other controls have been evaded.

2. Implement multifactor authentication (MFA) The most common and effective recommendation to enhance an organisation’s security posture is to implement MFA on all externally facing services. Every service available on the Internet, including cloud applications such as Office 365/Outlook, external VPNs,

36

SEPTEMBER 2019

4. Conduct preparedness exercises Cybersecurity technology solutions cannot address all cybersecurity risks. Business email fraud is a good example of how people and processes play a starring role in either increasing or reducing risk. Organizations should establish a process that involves multiple

approvals for transactions, out-ofband confirmation of changes to bank account details, and no regular exceptions for “urgent” requests from senior management. 5. Using exercises to understand and improve security posture Table-top exercises can benefit organizations at different stages. In some cases, the scenarios and subsequent discussions can help participants understand their environment. Involving stakeholders from legal, public relations, and other groups across the organization provides insight about what data is and is not important and why. • Common gap identified through incident response tabletop exercises are: • Misalignment of playbooks (e.g., internal CERT and Executive Crisis Team) • Lack of communication plan within the incident response plan • Inability to determine what data is or is not important, and why • Unclear roles and responsibilities • Employee susceptibility to social engineering • Gaps in basic hygiene

www.tahawultech.com

Synergising the Mind & Technology Economy The biggest tech show in the Middle East, North Africa & South Asia

#GITEX2019

gitex.com

#gitexfuturestars

futurestarsSales@dwtc.com

COLUMN

ONLINE EDITOR ADELLE GERONIMO SHARES HER VIEWS ON THE LATEST DEVELOPMENTS IN THE SECURITY LANDSCAPE.

HUMAN NATURE

W

hen it comes to cybersecurity incidents, most people picture nefarious hackers breaking into corporate networks to steal valuable data or deploying ransomware attack to wreak havoc and shut down systems at a major bank or a hospital. However, research has shown that a majority of information security attacks stem from human error whether its negligence, carelessness, or simply being uninformed. According to a recent study published by privileged access management firm BeyondTrust, 64 percent of organisations have noted that they likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months. Many of the most dangerous offences by employees are things that they might not even think about as risky behaviour. These include clicking on links, opening unknown attachments, entering personal or confidential 38

SEPTEMBER 2019

information into a seemingly credible account or simply poor security hygiene. This errors in human behaviour are often what hackers exploit in order to successfully pull off a ruse or scam. Oftentimes, these actions stem from lack of awareness of their personal responsibility for cybersecurity. While many consider the human element as the weakest link in an organisation, they are also viewed as the most important resource. Therefore, organisations need to invest into making sure that all employees are wellequipped with the knowledge and skills to help boost the firm’s cyber defences. This highlights the ever-growing importance of security awareness programmes. Security awareness is much more than training, knowledge, and attentiveness. It needs to be part of the culture within the business. Many companies have training and policies in place to protect data and teach their employees good cyber practices. But these activities need to conducted on a regular basis and

should entail engaging and practical applications to help employees better comprehend its significance. Cybersecurity should extend beyond the office, especially if a company allows remote workers. The digital nature of our world has made us more connected, efficient, and productive than ever before. These conveniences come with risks, which makes it more important than ever for employees to be aware of the cybersecurity methods they need to safeguard their data. Finally, eradicating the culture of fear. Some companies may think that they need to address cybersecurity issues caused by employees by enforcing extreme punishments to offenders. Having this kind of culture within an organisations makes employees less unlikely to come forward when something does go wrong and it puts data at risk. Instead of blame or fear, enterprises need to create a culture of personal responsibility so employees will view upholding data security as a way to contribute to the company’s security goals. www.tahawultech.com

Specialized Cyber Security & IT Distribution in META Region We cover all top 20 Critical Security Controls

emt.ae emtMETA.com