Security Advisor Middle East | Issue 44


ISSUE 44 | DECEMBER 2019

WWW.TAHAWULTECH.COM

INTERVIEW:

BULWARK TECHNOLOGIES’ JOSE THOMAS MENACHERRY

KNOWLEDGE IS POWER

THREATQUOTIENT’S JONATHAN COUCH ON HOW ENTERPRISES CAN HARNESS STRATEGIC VALUE FROM THREAT INTELLIGENCE

THE POWER OF PEOPLE-CENTRIC SECURITY

DON’T BE FOOLED: WHY YOU NEED TO BE ON HIGH ALERT FOR ONLINE FRAUD

KASPERSKY: BUILDING A SECURE FUTURE


HOME IS WHERE YOUR DATA IS.

Our new Data Center in the Kingdom of Saudi Arabia brings world-class cybersecurity expertise to your doorstep, ensuring the confidentiality, integrity and availability of your log & event data, without them ever leaving the country. Fully compliant with the NCA ECC-1 and the SAMA Framework, we now offer in the Kingdom of Saudi Arabia the full range of services of our award-winning ClearSkies™ Advanced Security Analytics Platform:

• ClearSkies™ SaaS NG SIEM
• Managed Security Services (MSS) / Managed Detection & Response (MDR)
• ClearSkies™ NG Endpoint Detection & Response (EDR)
• ClearSkies™ Advanced Security Analytics Platform for MSSPs (white-label)

Learn how you can benefit from the ClearSkies™ Advanced Security Analytics Platform. Reserve your free consultation now.

www.odysseycs.com | www.clearskiessa.com


CONTENTS

KNOWLEDGE IS POWER
ThreatQuotient’s Jonathan Couch on harnessing strategic value from threat intelligence

THE FIRST LINE OF DEFENCE
Exclusive Networks and SentinelOne share insights on trends in endpoint security

EAGLE EYE
Infoblox’s Craig Sanderson discusses visibility and anomaly detection in the age of IoT

BATTLING EMAIL FRAUD
Proofpoint’s Emile Abou Saleh on the power of people-centric security

THE THREAT WITHIN
Fortinet’s Alain Penel on addressing the challenges of insider risks

SECURITY AT YOUR FINGERTIPS
Why mobile security is becoming more critical than ever

THE FUTURE IS PRIVATE
Industry experts discuss the implications of Facebook’s latest move towards encryption



EDITORIAL

‘TIS THE SEASON FOR CYBERSECURITY

Adelle Geronimo, Editor

Talk to us: E-mail: adelle.geronimo@cpimediagroup.com

The holiday season is here, and with the holidays come various opportunities for cybergrinches to steal your data. To protect your organisation this holiday season, it’s worth preparing your defences in advance.

It is also important to note that sometimes even the smallest things can make a big difference in keeping your assets secure. Simple steps include ensuring your staff are properly aware and trained. It only takes one member of staff clicking on a phishing email to leave you vulnerable to cyber-attacks. So, make sure that your staff are equipped with the knowledge to keep your business safe from cybercrime.

Another tip to keep in mind is maintaining a clean desk policy. A report by ICO revealed that 40 percent of data security incidents were a result of employees inadvertently leaving paperwork exposed to third parties. To avoid this, business leaders should impose a clean desk policy ensuring that all confidential paperwork is securely stored away.

Finally, back up your data. Not all cybercriminals will steal your data. Sometimes they attempt to launch more sinister attacks, such as encrypting it to block your access to it. To avoid falling victim to ransomware, back up your data to the cloud.

There are a number of simple steps IT leaders can take to keep their data safe this merry season, many of which are more or less the same as the ones we already use on a daily basis. So, stay safe and don’t let attackers ruin your holidays or cause worry about cybersecurity issues.

Published by CPI Media Group

FOUNDER, CPI MEDIA GROUP
Dominic De Sousa (1959-2015)

Publishing Director: Natasha Pendleton, natasha.pendleton@cpimediagroup.com, +971 4 440 9139

ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Business Development Manager: Youssef Hariz, youssef.hariz@cpimediagroup.com, +971 4 440 9111
Senior Sales Manager: Sabita Miranda, sabita.miranda@cpimediagroup.com, +971 4 440 9128

EDITORIAL
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Contributing Editors: Daniel Bardsley, Mark Forker, Giorgia Guantario, Sharon Saldanha

DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9140
Designer: Mhar Delaben, marlou.delaben@cpimediagroup.com, +971 4 440 9156

PRODUCTION
Operations Manager: Cherylann D’Abreo, cherylann.dabreo@cpimediagroup.com, +971 4 440 9107

DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas, Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at Dubai Production City, DCCA
PO Box 13700, Dubai, UAE
Tel: +971 4 440 9100
Fax: +971 4 447 2409

Printed by Al Ghurair Printing and Publishing

© Copyright 2019 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


NEWS

UAE MAY SOON LIFT BAN ON WHATSAPP CALLS, SAYS TOP CYBERSECURITY EXECUTIVE

The UAE may soon lift its ban on WhatsApp calls, the executive director of the UAE’s National Electronic Security Authority, Mohamed Al Kuwaiti, told CNBC’s ‘Capital Connection’. Speaking on the show, Al Kuwaiti said the UAE and Facebook-owned WhatsApp have increased collaboration with regards to national security initiatives that could lead to a lift of the ban.

“The collaboration with WhatsApp has actually increased, and in many of those (projects) we saw a very good understanding (from them) of the concept we have,” Al Kuwaiti said. “There might be a lift of that ban for (WhatsApp) voice calls… and this is going to happen soon, this is what we know and understand from the telecommunication authority here in the UAE.”

WhatsApp calls, along with any other Voice over Internet Protocol (VoIP) service, such as Skype and FaceTime, have been illegal in the UAE since their inception. Residents have been able to use paid-for VoIP services Botim, C’Me and HiU Messenger, as offered by du and Etisalat.

In a statement on their website in 2015, UAE’s Telecommunications Regulatory Authority (TRA) explains that VoIP services “are considered part of the UAE’s regulated activities,” and that they have “granted licensed operators the eligibility to provide such services across their networks.”

Many other residents, the majority of whom are expats, have also been known to use virtual private networks (VPNs) to access banned VoIP services. Other GCC countries have softened their stance on VoIP services in the past years, with Saudi lifting the ban on WhatsApp calls altogether in 2017.

The UAE’s Telecommunications Regulatory Authority has yet to comment on Al Kuwaiti’s remarks on CNBC.

ODYSSEY CYBERSECURITY TO LAUNCH NEW DATA CENTRE IN RIYADH

Odyssey Cybersecurity is set to launch a new data centre to host its ClearSkies Big Data Advanced Security Analytics Platform in Riyadh, Saudi Arabia.

According to the company, its new data centre in Riyadh offers a great way to enjoy the ClearSkies Platform’s full array of services while staying compliant with the National Cybersecurity Authority’s (NCA) ECC-1 and the Saudi Arabia Monetary Authority’s (SAMA) Framework compliance requirements.

“We are proud to be the first European cybersecurity vendor in the Kingdom of Saudi Arabia with a local Data Center hosting our services. Our local Data Center aims to offer to our customers in the Kingdom of Saudi Arabia and the Gulf region our knowledge and expertise while helping them achieve compliance with regional cybersecurity regulatory frameworks. This investment of ours proves our long-term commitment and intent to become a key cybersecurity player in the region,” said Christos Onoufriou, Odyssey’s CEO.

Odyssey’s Data Center will host the full range of ClearSkies Big Data Advanced Security Analytics Platform’s services, fully compliant with NCA ECC-1 and the SAMA Framework by ensuring that all log and event data collected and analyzed stay in the Kingdom of Saudi Arabia.

OOREDOO CHOOSES FORTINET TO DELIVER SECURE SD-WAN MANAGED SERVICES IN KUWAIT

Fortinet has been chosen by Ooredoo Kuwait, a part of Ooredoo Group – an international communications company operating across the Middle East, North Africa and Southeast Asia – to deliver the region’s first secure SD-WAN managed service.

According to Fortinet, its Secure SD-WAN will allow Ooredoo’s existing and new enterprise customers to achieve accelerated connectivity, transport mode independence, and increased application performance while benefiting from tightly knit SD-WAN and advanced security features. Ooredoo Kuwait is deploying Fortinet’s Secure SD-WAN across its retail branches and will serve as a reference for customers wishing to follow suit.

“Ooredoo Kuwait’s broad managed security services rely on several Fortinet solutions, including the Fortinet Secure SD-WAN solution, which significantly reduces onboarding efforts and speeds time to market for the service,” said Abdulaziz AlBabtain, chief business officer, Ooredoo Kuwait.

Joe Sarno, International Emerging Vice President, Fortinet, said, “We’re pleased to work with Ooredoo Kuwait to deliver the region’s first secure SD-WAN managed service and continue our focus of delivering integrated SD-WAN and advanced security to enterprise customers around the world.”

Photo: Joe Sarno, Fortinet, and Abdulaziz AlBabtain, Ooredoo Kuwait


ABU DHABI UNVEILS NEW TECH-DRIVEN NATIONAL DEFENCE CONGLOMERATE

Abu Dhabi has unveiled a new defence conglomerate focused on developing advanced technologies for cyber defence and national security solutions. The new company, called EDGE, was inaugurated by Sheikh Mohamed bin Zayed, Crown Prince of Abu Dhabi and Deputy Supreme Commander of the Armed Forces.

The organisations will partner with top industry-equipment manufacturers and defence companies to accelerate innovation to protect against cyber-attacks, drones, the spread of misinformation and other emerging threats to national security in the UAE and across the globe. EDGE is consolidating more than 25 entities, including subsidiaries from the Emirates Defence Industries Company (EDIC), Emirates Advanced Investments Group (EAIG), Tawazun Holding, and other independent organisations.

EDGE will be spearheaded by Faisal Al-Bannai, who has been appointed as the firm’s CEO and managing director. “EDGE will invest extensively across R&D, working closely with front-line operators to design and deploy practical solutions that address real world challenges,” he said. “The solution to address hybrid warfare lies at the convergence of innovations from the commercial world and the military industry. Established with a core mandate to disrupt an antiquated military industry generally stifled by red tape, EDGE is set to bring products to market faster and at more cost-effective price points.”

EDGE will develop deeper partnerships with world-leading industry OEMs and defence contractors, the SME sector and academia alike. Accelerating the rate of innovation, it will also be attracting elite industry experts and talent from around the globe to help on a wide spectrum of modern product development, ranging from ideation to building cross-domain capabilities over its five core business clusters: Platforms & Systems, Missiles & Weapons, Cyber Defence, Electronic Warfare & Intelligence, and Mission Support.

The company is set to implement advanced technologies such as autonomous capabilities, cyber-physical systems, the Internet of Things, advanced propulsion systems, robotics and smart materials, with a focus on artificial intelligence across all its products and services.

In 2018, the UAE topped the Global Innovation Index for the Arab world. EDGE aims to help the UAE to retain and expand that foremost position.

55% OF ORGANISATIONS STRUGGLE WITH A LACK OF INTEGRATION BETWEEN CURRENT SECURITY ANALYTICS TOOLS AND CLOUD INFRASTRUCTURE

SOURCE: EFFECTIVELY ADDRESSING ADVANCED THREATS BY SANS INSTITUTE

UAE MOCD STRENGTHENS SECURITY POSTURE WITH MICROSOFT

The UAE’s Ministry of Community Development (MOCD) has teamed up with Microsoft to better secure its digital assets and protect against cyber-attacks. As part of the agreement, the ministry will adopt Microsoft’s Defender Advanced Threat Protection (ATP) to protect its digital perimeter and respond to endpoint attacks, advanced threats, fileless attacks and zero-day exploits.

“As we work to improve social development in the UAE, and pursue the national agenda for Vision 2021, our responsibility to strengthen family coherence and consolidate the position of our nation as a place of happiness will rely more and more on a stable technology environment,” said Saeed Abdulla, Information Technology Advisor – Minister’s Office, UAE Ministry of Community Development. “To protect, detect and respond to sophisticated and advanced threats, we partnered with Microsoft to implement its security and compliance solutions. Our partnership will ensure seamless fulfilment of the vision our wise leaders have for our citizens and our country.”

MOCD has opted to standardise its cybersecurity strategy using Microsoft Defender ATP, leading to a simplification of operations and a more coherent defence of its digital estate.

Sayed Hashish, general manager, Microsoft UAE, said, “We are proud to partner with the Ministry of Community Development, against cyber-attackers, and bolster the ministry’s perimeter against a daily siege. That way, its innovators can concentrate on improving people’s lives while being amply protected against those with a more sinister outlook.”

Photo: Sayed Hashish, Microsoft, and Saeed Abdulla, MOCD


INTERVIEW

BUILDING A SAFER WORLD

ALEXANDER MOISEEV, CHIEF BUSINESS OFFICER, KASPERSKY, SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS THE FIRM’S NEW BRAND PHILOSOPHY, CYBER IMMUNITY AND WHAT THE FUTURE HOLDS FOR THE SECURITY INDUSTRY.

What have been some of the recent highlights at Kaspersky?

One of the biggest highlights at the company was the rebranding. We officially unveiled our brand’s revamped name and logo. This whole process took two years as we want our new look to reflect the values that define us. Digging a little bit deeper, we’re not just changing our logo. As the company as a whole is undergoing a transformation, our vision of the future has changed. That’s why we also introduced a new company philosophy, which is ‘Building a safer world.’ Our new mission statement reflects the evolution of our focus from cybersecurity to cyber-immunity. In the past, a big focus for us was what we call classic security, which is primarily centred on building fences. With these security fences, organisations often feel restricted to creating more innovations. We believe that information systems should be designed and built secure. Organisations shouldn’t have to keep adding more solutions and still have gaps in their security systems. Our new philosophy seeks to empower customers to be free to create new technologies that will not be a source of threat and vulnerabilities but instead open up new possibilities and opportunities for them.

Over the past two years, ransomware and phishing attacks have made headlines. Are we still going to see more and more of these cyber incidents happening in the next year?

These are what we call epidemical incidents and they often happen when there is an obvious economic interest. At the same time, many organisations still have gaps in their security systems and practices. So, yes, we might still see more incidents like ransomware and targeted attacks happening in the future. Furthermore, a big trend that we’re seeing moving forward is cyber-attacks on industrial systems. We believe that as threat actors evolve and develop more sophisticated methods we will see attacks that will impact not only the cyberspace but also the physical world. In this regard, we are investing a lot of time and resources into developing solutions that will protect organisations in this space. We plan to provide patches for industrial systems free of charge. Where we can sell, we ensure that we deliver them a full solution.

How is Kaspersky leveraging technologies such as artificial intelligence (AI) and machine learning in developing your products?

One of our key offerings, which is, in fact, one of the fastest-growing segments in our portfolio, the Endpoint Detection and Response (EDR), is leveraging machine learning to help organisations monitor and detect anomalous behaviour within their networks. It provides comprehensive visibility across all endpoints on the corporate network, enabling the automation of routine tasks to discover, prioritise, investigate and neutralise threats.

How is Kaspersky innovating to make sure that all the offerings that you’re putting into the market are future proof?

Security companies typically promise to deliver solutions based on one of these key three pillars – Big Data, technology (machine learning and automation systems) and detection of highly targeted attacks. We pride ourselves on being able to combine all of these three components. We offer Big Data, which we have collected since 1997 into one big database. In 2008, we used to have over 250,000 samples but over the past decade, we have been able to collect millions of data sets daily. We offer machine learning, which enables our solutions with threat detection capabilities. Finally, we have over 50 top experts across the world focusing on analysing and detecting various threats. By having all these three components we can provide our customers with more predictive systems, which enables them to have a more proactive security approach.

Looking forward, where do you think is the cybersecurity space heading?

We can expect increased demands for products, solutions and technologies that have security built-in. For example, in the automotive sector, many car manufacturers are developing products that are enabled with the latest technologies and they are realising that they cannot just deploy IT systems within their products, they also need to ensure that they are secure. Now, this is the aspect that we want to highlight as we shift our focus from cybersecurity to cyber-immunity. Increasingly, many are realising that they can no longer afford to make security an afterthought. Yes, there is no such thing as being 100 percent secure. However, you can’t build a car from boxes of carton and expect it to withstand the rain. Organisations need to design, create and deploy innately secure products.

What can the market expect from Kaspersky in the coming year?

We aim to spread more awareness about our new brand and communicate our new philosophy through marketing, thought leadership, industry events and roadshows. We’re increasingly working with players in the automotive, government and industrial sectors. In addition, as a 100 percent channel-focused company, we plan to maintain this focus and enable our partners with as much knowledge as we can about the latest trends in the industry. With our new brand philosophy, we want to build a cyber-immune future in a safe new world.


INDUSTRY HIGHLIGHT

THE FIRST LINE OF DEFENCE

EXCLUSIVE NETWORKS TOGETHER WITH SENTINELONE HOSTED A DEDICATED PARTNER EVENT TO DISCUSS THE RECENT TRENDS IN ENDPOINT SECURITY AND THE LATEST UPDATES IN THE VENDOR’S ENDPOINT PROTECTION OFFERINGS.

As threat actors become smarter and cyber-attacks become more sophisticated, organisations today can no longer afford to rely on passively deployed technology alone. With annual global losses from cyberattacks expected to hit $6 trillion by 2021, enterprises need to augment their approach to cybersecurity.

The digital nature of modern workplaces has enabled employees within organisations to be more connected, efficient and productive. The increasing mobility of today’s workforce has resulted in the rise of endpoint devices within enterprises, which made networks even more susceptible to threats.

With cybersecurity being the need of the hour amid the expanding threat landscape, customers are seeking trusted advisors who will help them navigate the challenges in protecting their endpoints.

Exclusive Networks together with SentinelOne has recently organised a dedicated event to provide partners with the latest know-how about the security industry and updates on the vendor’s offerings. The two-day event, which took place in Dubai and Abu Dhabi consecutively, was attended by over 100 of Exclusive Networks’ channel partners.

“Today, security is integrated into every IT solution,” said Jijo Joseph, head of strategic channels and business unit manager – SMB, Exclusive Networks. “It has become one of the most vital elements of any technology implementation. Channel partners have the opportunity to become the catalyst for an organisation’s security transformation and with SentinelOne they can further enhance their customers’ cyber defences.”

SentinelOne unifies prevention, detection, and response in a single platform driven by sophisticated machine learning and intelligent automation. The vendor’s solutions enable security teams to predict malicious behaviour across major threat vectors in real-time, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt defences against the most advanced cyberattacks.

“Through the event we are enabling our premium partners who are offering endpoint protection solutions with the latest updates from SentinelOne,” said Joseph. “We have three different sessions focused on SentinelOne’s Core, Control and Complete solutions. We are educating our partners on how they can differentiate these three offerings to help them better sell these solutions and efficiently provide support to their customers.”

Joseph added that as SentinelOne’s distributor here in the region and across the globe, Exclusive Networks has witnessed a significant uptake of its solutions over the past couple of years. “In the region alone, we’ve seen the adoption of SentinelOne solutions grow by 300 percent. We have also seen partners switching from other endpoint protection vendors to SentinelOne as well.”

“Moreover, customer demands for SentinelOne solutions across top industries such as banking and finance, education and oil and gas have increased significantly. We are happy to say that we’ve had zero customer loss in our SentinelOne portfolio as 100 percent of our users have renewed their contracts.”

Endpoint protection has been constantly evolving over the years. With threats such as cyber warfare, ransomware and nation state attacks at a constant evolution, enterprises today are demanding stronger endpoint security solutions that will help them stay resilient.

SentinelOne offers a unique single-agent platform to hunt, prevent, detect and respond to attacks across all major vectors. It has been designed to save customers’ time by applying AI to automatically eliminate threats in real time for both on premise and cloud environments. It also provides full visibility across networks directly from the endpoint.

Tamer Odeh, regional sales director – Middle East, SentinelOne, said, “Endpoint security is the first line of defence. That’s why we believe that protecting endpoint devices is paramount in keeping enterprises cyber resilient. Ensuring that you have robust security solutions for your endpoints reduces the chances of attackers succeeding in penetrating your systems and extracting data from your organisation.”

Odeh further explained that SentinelOne’s single agent offering means that their solutions are easy to deploy and manage. “It also means that enterprises can seamlessly run our solutions across different operating systems, be it Windows, Mac or Linux.

“We are also an open API company, which means our solutions can easily be integrated with various other cybersecurity solutions in the market. This is very important for us and our customers as we believe that threat intelligence and sharing is paramount to be proactive in our defences.”

Speaking about the event, Odeh highlighted that as a channel-driven organisation, partners play an important role in the growth of their business. “Our partners are very important to our success. We do most of our business via a two-tier model – through distributors and partners. They are instrumental in our success by helping us reach our customers faster, enabling us to scale our business and speeding up the delivery of our mission, which is to provide the market with a solid endpoint protection solution.”

He then noted that with the support of Exclusive Networks, they aim to continuously enhance the capabilities of their partners through constant training and education. “Through events like these, we are able to provide our partners with the latest updates in the market and in our offerings. This gives them a good opportunity to learn how they can augment their strategies in offering SentinelOne solutions. In doing so, I believe they will be able to deliver our product in a better way and keep their customers engaged for the long-term.”

Looking to the future, Odeh said that with the cybersecurity space growing at a very fast pace, SentinelOne is dedicated to addressing market demands and challenges as quickly as possible. “We aim to continue investing more time, effort and resources into R&D,” he said. “We will also continue to enhance our Managed Detection and Response as-a-Service offering. With the current and expanding skills gap in the cybersecurity industry, we believe that SentinelOne can play a key role in supporting our customers in terms of offloading their burdens when it comes to endpoint protection and defence through MDRaaS.”

Photos: Tamer Odeh, SentinelOne; Jijo Joseph, Exclusive Networks


COVER FEATURE

KNOWLEDGE IS POWER

THREAT INTELLIGENCE HAS INCREASINGLY GAINED POPULARITY AS THREAT PREDICTION AND PROACTIVE CYBER DEFENCES HAVE PROVEN EFFECTIVE IN MITIGATING CYBER-ATTACKS. THREATQUOTIENT SENIOR VICE PRESIDENT OF STRATEGY JONATHAN COUCH DISCUSSES HOW ENTERPRISES CAN PULL STRATEGIC VALUE FROM THREAT INTELLIGENCE.

Give a brief overview of ThreatQuotient’s operations.

ThreatQuotient provides a security operations platform which enables collaboration and efficiency to security teams by connecting people, process, and technology and focusing on the threats to your organisation.

How is threat intelligence developed? How can organisations translate this data into actionable defence against cyber-attacks?

Threat Intelligence has moved into the commercial world from governments and militaries over the past 15 or so years. It is typically developed by collecting information on what the bad guys (often called ‘adversaries’) are doing and then sending that information to organisations that may be affected by those attacks. Intelligence follows a lifecycle and the differences in intelligence are typically due to variations in the lifecycle.

A simplified threat intelligence lifecycle entails collection, analysis, and dissemination. Collection can occur in underground forums, monitoring of botnets and adversary infrastructure, from victims of attacks, from social media, or your internal security sensors. Meanwhile, analysis is the process of validating and verifying a threat and adding context to the technical information (e.g. Is it cybercrime or espionage or hacktivism? Is it ransomware or an exploit kit?). Finally, dissemination is how that information or intelligence is delivered to a consumer whether it is via a published report, machine-to-machine API, web portal, email and so on. Dissemination is the format, frequency, and content of the information. Without going through this lifecycle, it is just data/information, not ‘intelligence.’

As for putting these insights into practice, there is a general assumption in the industry that actionable means technical data that machines can consume and use to block or alert. Actionability is defined by the consumer: while the SOC may find indicators sent to the SIEM to be actionable, a CISO won’t. All the intelligence an organisation has on something must be aggregated, de-duplicated, and correlated and then the security team needs to define the format, frequency, and content for each of the stakeholders in the organisation.

Can you give three key factors enterprises need to keep in mind in building an effective threat intelligence framework? What kind of solutions or resources should CISOs invest into?

The three things organisations need to consider when creating threat intelligence or selecting a Cyber Threat Intelligence (CTI) provider are context, relevance, and follow-on.

CTI frameworks must focus on context and answer some of the ‘who, what, when, where, why and how’ behind cyberattacks. Organisations need to understand that having lists of bad domains, IPs or hashes without any context isn’t intelligence, it is just data and doesn’t support smart decision-making.

Secondly, relevance is how security teams can help to filter all of the information and intelligence out there and narrow it down to the items that matter most to their specific organisation. Prioritising relevant intelligence helps teams be more efficient and effective and focus on specific threats they know will cause damage.

Finally, security groups should consider intelligence follow-on, which entails answering questions that consumers such as CISOs, SOC analysts and incident responders have around various threats. Organisations need to be staffed and ready to research and provide answers to these questions vs just throwing reports or data at people and not being able to explain it or make it relevant.

CISOs need to invest in solutions that give them the breadth and depth of coverage and insight into their enterprise as well as intelligence feeds and platforms that can interact with those solutions. All of these need to work in concert. There is no value in having the best intelligence on malware that is targeting your organisation without the right solutions in place on your endpoints to block or deliver alerts on that intelligence. Likewise, if you have an EDR solution but have no platform to take intelligence from feeds, prioritise it, find relevance, and send it to the EDR solution, you will face issues with finding the real value in cyber threat intelligence.

How do technologies such as automation and machine learning enhance threat intelligence tools and processes?

Machine learning and artificial intelligence (ML/AI) are still fairly new in the industry but there are some tools out there that are leveraging these trends to better identify threats in the network and adapt to resist, block or recover from them. I am more a fan of automation currently. If you have comprehensive security infrastructure, then you can automate many facets of intelligence in your environment to block cyberattacks. In addition, you can drastically increase your capability to detect and respond to these threats. Cyberattacks are inevitable and will always get through your defences no matter how good your security strategies are. However, organisations can leverage automation to quickly detect those attacks and remove them from your network.

Midsize businesses may find gathering and leveraging threat intelligence daunting as they often lack the resources and expertise to do so. How can SMBs address this challenge?

SMBs can employ a managed services provider but they can also look at joining various sharing groups or cheaper intelligence provider solutions. MSPs will give smaller companies the advantage of being able to access the intelligence gained by other MSPs and clients.

How is the demand for threat intelligence solutions in the Middle East region?

The Middle East has witnessed a significant increase in threat intelligence projects over the past year. Many enterprises are going through security uplift projects and they want to be at the leading edge of security and incorporate threat intelligence and threat intelligence/security operations platforms into their security operations. A driving factor behind this is also the move to start incorporating more security into operational technology networks that oil, gas, and energy companies rely on when extracting, producing, shipping and delivering their products.

How vital is threat intelligence sharing in combating future threats?

Threat Intelligence gives organisations insights into attacks beyond their infrastructure. By seeing and understanding how threat actors carry out their attack, organisations can better prepare themselves. Furthermore, by looking at how attacks are evolving, organisations can also detect trends and anticipate future attacks allowing them to better plan and prepare their security teams.

How do you see the adoption of threat intelligence tools evolving in 2020? What role can ThreatQuotient play in the growth of this segment? ThreatQuotient is moving more towards offering a ‘security operations platform’ as opposed to a specific threat intelligence platform. Our take is that threat intelligence needs to be connected throughout people, processes, and technologies. In 2020, organisations are going to adopt threat intelligence more and more, but they will also want to see the value from it. To see that value, they need to have threat intelligence supporting all of their stakeholders – including executives and non-operations roles – and it should be integrated into all of their IT tools to help their teams collaborate better. What one team within the business learns about a threat should be immediately shared and available for all of the other teams.



INSIGHT

VISIBILITY AND ANOMALY DETECTION IN THE AGE OF IOT

BY CRAIG SANDERSON, SENIOR DIRECTOR, SECURITY PRODUCTS, INFOBLOX

Historically, organisations have struggled to gain visibility of which users, devices and applications are accessing their network infrastructure. If the maxim “you can’t protect what you can’t see” holds true, then the prospect of the Internet of Things (IoT) business transition, which will result in billions of devices connecting to IP networks, is a nightmare in waiting. Identification and classification of IoT devices is particularly problematic because the range of new device types leveraging the IP network is going to explode, making it harder for IT security teams to manage and control policies that protect these new devices from themselves and the existing IP connected services.

Beyond controlling access and setting policy, IoT also presents a sizable headache when it comes to detecting breaches and enabling effective response. The plethora of protocols that IoT devices will leverage, spanning a broad range of vertical industries from Healthcare to Retail, will make it hard for traditional security platforms to detect breaches. Malware sandboxes whose expertise is identifying abuse of well-known operating systems such as Windows servers will have a steep learning curve to apply the same detection for the bespoke applications running on proprietary software platforms. Instead, organisations will have to rely heavily on secure IoT endpoint platforms to try and reduce the potential attack surface area.

Surely there must be a simpler way to approach these problems: a common denominator that can cope with the breadth of platforms and devices that IoT will present. That common denominator could well be an infrastructure that is already prevalent across all IP networks, whether they be corporate networks, public clouds, next generation data centers or even the Internet. That infrastructure would be the DHCP, DNS and IP address management (DDI) infrastructure, which for the past 30 years has provided internet scale to all IP connected devices. How could this ubiquitous infrastructure be applied to address the challenges of IoT?



Device identification and classification

Starting with device identification and classification: IP connected IoT devices are going to require an IP address. If the addresses are statically provisioned, organisations will need an IP address management platform to manage the IP address space, even more so given the dramatic increase in consumption of addresses. Even if the devices are going to use IPv6, where address space is not constrained, managing and tracking those addresses is an important operational need. Similarly, if the devices obtain their addresses dynamically, they will still need a DHCP (Dynamic Host Configuration Protocol) server to provide those addresses. In either case the centralised platforms that manage the IP address space will have a comprehensive view of what devices are on the network. More so, through the static address management process there is the opportunity to classify the device at the moment of provisioning. In the case of DHCP, the DHCP request from the IoT device provides a fingerprint that would enable the DHCP server to classify what device is requesting an address. There does not seem to be any better common way to identify and classify the broad range of IoT devices than with an IP address management and DHCP platform.

Threat detection

In the case of threat detection there is an advantage to protecting devices over users. Anomaly detection for users is difficult because it’s hard to predict what a user’s normal behaviour is. Machines, on the other hand, tend to be far more predictable, which means anomaly detection could be a fruitful way of identifying compromised machines. One common means of applying anomaly detection across the breadth of IoT devices would be to leverage their DNS activity. Since statically configuring applications and services is impractical and not scalable, most IoT devices will leverage DNS to dynamically locate the services and platforms they need to interact with. DNS provides that flexibility, enabling services to be re-located between networks whilst maintaining a common point of reference: the fully qualified domain.

On this premise, it’s possible to monitor and model the services the IoT device seeks to communicate with. If, for example, there is an IoT thermostat made by a manufacturer in Germany, it may communicate back to the manufacturer for software updates, leveraging DNS to resolve the address of the update server in Germany. DNS servers could model that behaviour, and if the device began to deviate from its typical pattern of behaviour, perhaps by attempting to resolve services in a previously unknown location, that would provide an indication of compromise. The common need for IoT devices to use DNS to locate services provides a simple, scalable and consistent model for detecting potential breaches.

Given the looming challenges of IoT, it’s worth considering how the DNS and DHCP platforms that serve IT infrastructure today could be repurposed as a scalable tool for device classification and breach detection.
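The two ideas in this article, classifying a device from its DHCP request and then modelling which domains that class of device normally resolves, can be combined in a few lines. The sketch below is an added example, not Infoblox code: it assumes DHCP option 55 (the parameter request list) is the fingerprint, which the article does not specify, and the fingerprints, IP addresses and `.example` domains are all constructed.

```python
from collections import defaultdict

# Constructed DHCP option 55 (parameter request list) fingerprints -> device class.
# These tuples are made up for the example; a deployment would load a maintained database.
DHCP_FINGERPRINTS = {
    (1, 3, 6, 15, 42): "thermostat",
    (1, 3, 6, 12, 15, 28, 66): "ip-camera",
}


def classify_device(param_request_list):
    """Map the ordered option 55 list from a DHCP request to a device class."""
    return DHCP_FINGERPRINTS.get(tuple(param_request_list), "unknown")


def base_domain(fqdn):
    """Reduce an FQDN to its last two labels (simplification: no Public Suffix List)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


class DnsBaseline:
    """Learns which domains each device class resolves, then flags deviations."""

    def __init__(self, min_seen=2):
        self.min_seen = min_seen
        self.leases = {}                                   # client IP -> device class
        self.seen = defaultdict(lambda: defaultdict(int))  # class -> domain -> count

    def on_dhcp_request(self, client_ip, param_request_list):
        """Classify the client at lease time and remember the result."""
        self.leases[client_ip] = classify_device(param_request_list)
        return self.leases[client_ip]

    def learn(self, client_ip, qname):
        """Training phase: record a query as normal for the client's device class."""
        device_class = self.leases.get(client_ip, "unknown")
        if device_class != "unknown":
            self.seen[device_class][base_domain(qname)] += 1

    def check(self, client_ip, qname):
        """Detection phase: return None if the query is expected, else a reason."""
        device_class = self.leases.get(client_ip, "unknown")
        if device_class == "unknown":
            return "unclassified device"
        domain = base_domain(qname)
        if self.seen[device_class].get(domain, 0) < self.min_seen:
            return f"{device_class} queried unfamiliar domain {domain}"
        return None


def run_demo():
    """Replay constructed DHCP and DNS events and return the alerts raised."""
    model = DnsBaseline(min_seen=2)
    model.on_dhcp_request("10.0.0.21", [1, 3, 6, 15, 42])
    model.on_dhcp_request("10.0.0.22", [1, 3, 6, 15, 42])

    # Constructed training traffic: thermostats talking to their vendor.
    for ip, name in [
        ("10.0.0.21", "updates.thermo-vendor.example."),
        ("10.0.0.22", "updates.thermo-vendor.example."),
        ("10.0.0.21", "time.thermo-vendor.example."),
    ]:
        model.learn(ip, name)

    # Constructed live traffic.
    live = [
        ("10.0.0.22", "UPDATES.thermo-vendor.example"),  # matches the baseline
        ("10.0.0.21", "files.unfamiliar-host.example"),  # deviation from baseline
        ("10.0.0.99", "updates.thermo-vendor.example"),  # no DHCP request observed
    ]
    alerts = []
    for ip, name in live:
        reason = model.check(ip, name)
        if reason:
            alerts.append((ip, reason))
    return alerts


if __name__ == "__main__":
    for ip, reason in run_demo():
        print(ip, reason)
```

Baselining per device class rather than per device means a newly installed thermostat inherits the learned behaviour of its peers instead of alerting on its first update check.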



INSIGHT

WHY YOU NEED GOOD ARCHIVING

EMILY WOJCIK, ARCHIVE CAMPAIGNS DIRECTOR, MIMECAST, SHARES INSIGHTS INTO REDUCING COMPLIANCE NIGHTMARES, DATA LOSS HORROR STORIES AND OTHER TERRIFYING THREATS TO AVOID.

Developing a modern archiving strategy and maintaining compliance can be scary. No doubt, IT departments are increasingly plagued by data growth and service requirements back to internal customers while legal and compliance teams struggle with how to best retain, access, discover and supervise content in compliance with evolving regulations. Finding differentiation between the sea of vendors and platform approaches can be even more daunting, not to mention the thought of migrating from an aging solution that no longer fits the needs of your business. These challenges are occurring globally and it all can be downright chilling indeed. Consider these nightmare scenarios:

• The clock is ticking on an e-discovery request, can you find all emails critical to your case?
• An audit is looming, can you prove chain-of-custody with accurate reporting?
• Can you quickly and accurately recover email after a malicious attack?
• How many hours per week are employees spending just looking for emails?

Let’s face it: these scenarios can’t happen, and yet they do. However, business depends on email, and email requires a rock-solid archiving solution. According to Contoural, modern archiving and information management strategies engage a number of drivers, including legal and regulatory recordkeeping requirements, stricter privacy rules, increasing threat of breaches and decreasing employee productivity, and disposition. A modern strategy not only incorporates all of these drivers, but increasingly transforms standalone records, privacy and discovery programs into an integrated information governance program.

The good news about GDPR, California Consumer Privacy Act, Brexit, FOIA, SOX, FINRA and the alphabet soup of other regulations is that they are forcing conversations about good governance as it relates to email and other content types. Companies are realising that a single common workstream under an information governance program can provide benefits in a number of areas. In the end, these modern approaches not only increase compliance, but markedly reduce costs, reduce risks and drive productivity. With this in mind, how can organisations avoid nightmare scenarios?

1. Don’t skimp on modern, compliant records retention schedules. Get consensus from key stakeholders on what should be saved, for how long, and what should be deleted after a set amount of time. These schedules should be easy for employees to use.
2. Effectively classify data security. Develop a detailed analysis of PII information flow, and use that information to determine moving information from unmanaged and unsecure repositories towards managed and secure repositories. In addition, organisations must implement controls (as noted above) to adhere to retention protocols.
3. Drive employee productivity. When processes are modernised and employees spend less time on admin tasks like personal email management, productivity tends to spike in tandem. For example, giving full search capability, making it easier to share content, and following a seamless organisation system are all ways to see success with improved archiving.

There are problems with legacy archive solutions. From administrative complexity, lack of scalability, and slow search performance, there are significant roadblocks to getting the most out of archiving. Dust off the old, on-premises, IT focused archives and look at challenges in a more forward-thinking way. This means moving beyond simply managing storage or playing defense in compliance-driven solutions and instead, turning the archive into a digital memory to bring greater business value and smarter decision making.




INSIGHT

THE RIGHT FIT

NICK OFFIN, HEAD OF SALES, MARKETING AND OPERATIONS AT DYNABOOK NORTHERN EUROPE, DISCUSSES WHY GETTING SECURITY RIGHT FOR SMBs STARTS WITH EMPLOYEE DEVICES.

Another Cybersecurity Awareness Month has passed, and this period is always a valuable reminder for businesses that security needs to be a top priority. Whilst the news is littered with incidents of cyber-attacks on bigger companies, cybercriminals are increasingly turning their attention to smaller to medium-sized businesses (SMBs), which are potentially a much easier target. In fact, according to recent research from Ponemon Institute, 66 percent of SMBs worldwide have experienced a cyberattack in the last 12 months. With cyber-attacks growing in sophistication and abundance, and potential data breach fines from the Information Commissioner’s Office (ICO) now reaching levels to put smaller enterprises out of business, there has never been a more important time for SMBs to have the right cybersecurity strategy in place.


So, how can SMBs safeguard against cybercriminals? Protecting company and employee data and assets is a multipronged challenge. However, getting the basics of cybersecurity right involves putting employee devices, with advanced security features, at the very heart of a business’ cybersecurity strategy. Not only this, but employee education is equally important.

Secure devices for SMBs anywhere, anytime

We are currently going through a ‘remote working’ revolution and smaller businesses are certainly playing a huge part in this. More and more SMBs are foregoing traditional offices and instead allowing employees to work from home, in a shared office, in a coffee shop or even whilst travelling on public transport. In fact, IDC research found that 60 percent of SMBs worldwide will have mobile worker support in place by the end of 2021. Mobile working and remote system access through BYOD devices provide great benefits to smaller businesses who may not have the budget for permanent physical office space. However, they unlock new potential threat vectors and present new challenges in relation to device management.

Regardless of this, employees are essentially a smaller business’s first line of defence against cyber-attacks, so it’s important that the tools they are using on a daily basis are robust enough to protect against potential cyber risks. For example, laptops which have advanced biometric features and hardware-based credential storage capabilities enhance protection against password or access hacking. Other security features such as zero client solutions go beyond this and help nullify data-related threats by extracting sensitive data from the device itself. With information stored away on a central, cloud-based system, these tools protect against unsolicited access to information if a device is lost or stolen. With 48 percent of SMBs accessing more than half of their business-critical applications from mobile devices, these solutions are particularly useful for mobile workers wanting to gain access to data remotely.

Training is vital for SMBs

Smaller businesses also need to consider employee training. According to research, almost 90 percent of data breaches are caused by human mistakes. This comes as no surprise when you consider that passwords are easy pickings for today’s cybercriminals and all it takes is one wrong click on a fraudulent link or a laptop left on a train to compromise business data. Despite this threat, recent research has shown that only 43 percent of SMBs have sought to educate all of their employees about cyber threats. With smaller businesses remaining a prime target for cyber-attacks, it’s now more important than ever for them to educate their staff about security threats and best practices for handling sensitive information, especially as the mobile workforce is growing. Part of that training should include insight into the business’ security setup, why and how certain security solutions are being used, and their own responsibility to carry out good cybersecurity practices.

SMBs need to implement a multi-layer approach

While education should play a critical part of an SMB’s cybersecurity strategy, cybercriminals are increasingly finding new and advanced ways to get hold of employees’ data. With many of today’s most common cyber-attacks such as phishing and malware being socially engineered to rely on human mistakes, even the most cautious of staff could fall victim to an attack. To add to this, current network infrastructure has not been built with today’s security in mind, meaning smaller businesses need to go that extra mile and implement measures that protect at the network level.

To do so involves a multi-layer approach, which integrates both hardware and software. Secure-core PCs, in particular, enable staff members to shield their devices from firmware vulnerabilities, protect the operating system from cyber-threats and prevent unauthorised access to devices and data with advanced access controls and authentication systems. Further solutions such as in-built BIOS (basic input/output system) also add a greater layer of protection, removing the risk of potential third-party interference. Smart data encryption features also safeguard every area of a device’s hard drive, including all system files. Even if the HDD is removed, data will remain encrypted.

Big businesses may dominate the news when it comes to cyber-attacks, but SMBs are far from safe. It is therefore essential that device-level security is a major factor in an SMB’s cybersecurity strategy, giving employees the right tools to help mitigate security threats at both a hardware and software level. Although technology solutions are essential for protection, employee education is also vital. SMBs who aren’t putting employee devices front and centre or investing in training may well find themselves next on the cyber-attack list.



INSIGHT

BATTLING EMAIL FRAUD: THE POWER OF PEOPLE-CENTRIC SECURITY

EMILE ABOU SALEH, REGIONAL DIRECTOR, MIDDLE EAST AND AFRICA, PROOFPOINT, SHARES INSIGHTS INTO WHY EMPLOYEES ARE INSTRUMENTAL IN DEFENDING AGAINST BUSINESS EMAIL COMPROMISE ATTACKS.

For decades, the cybersecurity industry has poured resources into understanding the people behind cyber-attacks – their tactics and their motives. While it’s vital that we understand who is attacking us, it’s just as vital, if not more so, that we also understand who is being attacked. Increasingly, cybercriminals are focusing their efforts on individuals within organisations rather than launching blanket system attacks. The methods may differ – phishing, spoofing, malware – but the result is all-too-often the same: substantial losses.

According to the latest Gartner forecast, cybersecurity is one of the major risks affecting MENA businesses and individuals currently. Additionally, most attacks commonly exploit weaknesses through mechanisms including socially engineered malware, phishing attacks, unpatched/insecure software, social media attacks, and the regular advanced persistent threats.

One such style of attack is business email compromise (BEC). Dubbed the most expensive problem facing cybersecurity, the spoofing and commandeering of company email is estimated by the FBI to have resulted in worldwide losses of $26 billion since 2016. Attacks of this nature are particularly pernicious as, when convincing enough, they can get behind even the best security defences incredibly quickly. To stand a chance of keeping them at bay, it’s vital that employees at every level of your organisation know what they are up against and how best to defend against it.

Understanding the attackers

Organisations face two common types of BEC. In its simplest form, an attacker spoofs the identity of a corporate email account to convince the email recipient to divert funds to a fraudulent bank account. Typically, the spoofed email will be that of someone in authority such as the company’s CFO, the accounts department of a supplier or a trusted third-party such as a corporate lawyer. In the more menacing version, the attacker gains access to a legitimate email account and uses it to defraud an organisation. This approach is potentially far more damaging as it offers access to a trove of inside information that can be used to make a fraudulent request seem much more convincing.

One of the most common variants of BEC scams is bogus invoicing. Here an attacker spoofs or commandeers the email address of a supplier or company CEO to request a change in payment details. If the email address is legitimately compromised, the invoice in question may well be genuine, increasing the likelihood of a successful attack.

Attackers adopt a number of tactics to successfully socially engineer employees into handing over substantial sums of money. There are significant regional differences in terms of employee behaviour: Proofpoint’s 2019 Human Factor Report illustrates that Middle Eastern and European users are more likely to click at midday, after lunch and into the late evening. Furthermore, Proofpoint’s recent research on prolific threat actor TA505 shows that tens of thousands of emails attempting to deliver Microsoft Excel attachments with English and Greek lures have targeted financial institutions in countries around the world including the United Arab Emirates.

Another approach gaining in popularity, up 50 percent year-on-year, is ‘Fake Forwarding’. As well as including Re: or Fwd: in a subject line, this method of attack usually includes a bogus email chain to increase the air of legitimacy. Then there’s the tactic of using privileged information to gain trust. This could be gleaned from the email of a compromised account or by scouring publicly available information.

Understanding the attacked

Unfortunately, scams of this nature are becoming increasingly commonplace. Last year saw a 58 percent increase in BEC attacks and we expect that trend to continue. The more prevalent and sophisticated such attacks become, the better every member of your team needs to be at spotting them. The key to this is creating a security-conscious culture throughout every level and function of your organisation. Today, we are seeing a correlation between job role and exposure to attack in the opposite direction. The lower level the employee, the more likely they are to experience an attack, from executive through upper and lower management and down to individual contributors.

The art of defending in depth

A seemingly legitimate request from a seemingly genuine account is incredibly hard to defend against. Organisations must embrace a defence in depth approach. This includes ensuring your employees are using unique and hard to crack passwords and making use of two-factor authentication wherever possible. Additionally, training is crucial and should be regular and comprehensive, offering localised content in different languages considering the diverse cultural background of the workforce, especially in countries such as the UAE. Finally, put policies in place regarding certain requests and ensure that everyone in your organisation understands that email is not a trustworthy method of communication. In short, any interaction that has a monetary consequence should not take place solely via email.
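Two of the tactics described in this article, an authority figure's name on a non-corporate address and a ‘Fake Forwarding’ subject with no real thread behind it, leave traces in message headers that a mail filter can check. The following is an added example, not Proofpoint code: the domains, the protected-name list and both sample messages are constructed, the Reply-To comparison is an extra check that the article does not mention, and each finding is a triage signal, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject prefixes that claim the message belongs to an existing conversation.
THREAD_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_indicators(raw_message, corporate_domain, protected_names):
    """Return a list of header-level BEC signals found in one raw message.

    protected_names: lower-cased display names of people whose identity is
    likely to be borrowed (CFO, CEO, supplier accounts contact, ...).
    """
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 'Fake Forwarding': Re:/Fwd: subject, but no headers linking it to a thread.
    # Weak on its own, because some clients omit these headers on forwards.
    has_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    if THREAD_PREFIX.match(msg.get("Subject", "")) and not has_thread:
        findings.append("reply/forward subject without thread headers")

    # Spoofed authority: a protected name shown, but the address is external.
    if display_name.strip().lower() in protected_names and from_domain != corporate_domain:
        findings.append("protected display name on external domain")

    # Extra check (assumption, not from the article): replies routed elsewhere.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("Reply-To domain differs from From domain")

    return findings


# Constructed sample: external sender borrowing an executive's name.
SUSPICIOUS = "\n".join([
    'From: "Jane Doe" <jane.doe@mail-corp.example>',
    "Reply-To: accounts@other-host.example",
    "To: payables@corp.example",
    "Subject: Fwd: Re: Updated bank details for invoice",
    "",
    "Please use the new account for this month's payment.",
])

# Constructed sample: genuine internal reply inside an existing thread.
BENIGN = "\n".join([
    'From: "Jane Doe" <jane.doe@corp.example>',
    "To: payables@corp.example",
    "Subject: Re: Q4 invoice schedule",
    "In-Reply-To: <constructed-id-1@corp.example>",
    "",
    "Thanks, that schedule works.",
])

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, bec_indicators(raw, "corp.example", {"jane doe"}))
```

Header checks cannot catch the second BEC type the article describes, where a legitimate account has been taken over, which is why the out-of-band verification policy above still matters.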



INSIGHT

HOW TO ADDRESS THE CHALLENGES OF INSIDER RISKS

ALAIN PENEL, REGIONAL VICE PRESIDENT – MIDDLE EAST, FORTINET, DELVES INTO THE DIFFERENT INSIDER THREATS AND SHARES INSIGHTS INTO HOW ORGANISATIONS CAN MINIMISE THE RISKS.

While cybercrime continues to escalate, many of today’s most damaging security threats are not the result of the traditional perception of malicious outsiders breaching a network to deliver malware. While that risk is real, a growing number of organisations are concerned about security risks resulting from insiders – individuals known to the organisation – who have access to sensitive data and systems.

Types of insiders

Insiders who introduce risk into an organisation can generally be broken down into three broad categories:

Malicious insiders. These are users who willfully cause harm through such activities as fraud, data theft, IP theft, and sabotage. Malicious insiders can include disgruntled employees with a grudge, an individual with a political agenda, a compromised user being leveraged to commit cyberespionage or cyberterrorism on behalf of a competitor, political group, or nation state, or simply someone who is behaving badly for monetary gain. When queried, 60 percent of companies indicated that they were concerned about this threat.

Negligent users. 65 percent of companies expressed concerns about this insider risk. This is an individual who, while not malicious, is still willfully side-stepping policy for the sake of productivity. The risk from these users is high since they almost always have privileged access to systems and devices, such as databases and file servers. While they may not intend to harm the organisation, their negligence can have a significant impact on the organisation.

Careless users. 71 percent of organisations worry about this challenge as these individuals simply make careless mistakes that could lead to an inadvertent system failure, data breach, or accidental breach. This can be something as simple as clicking on a malicious attachment inside a phishing email or browsing malicious websites, to forgetting to secure a public-facing router or server.

People posing the most risk

Privilege is directly related to the potential impact of an insider threat. Many of today’s modern attacks are designed to escalate privilege, so even a temporary worker with severely restricted access can still create serious havoc inside an organisation. That threat can be compounded when more than one risk is present, such as a user who introduces malware into a network that also has weak passwords or devices that users have misconfigured.

Resources most likely to be targeted

In addition to the general mayhem that can be caused by an insider, there are specific systems that are the most likely to be targeted. Because the majority of attackers are financially motivated, financial systems are at the top of the list of resources at risk. However, for industrial espionage attacks, research and development resources and customer support systems are top targets. The one thing almost all attacks have in common, however, is the targeting of data – whether to steal it or destroy it. And the king of data is customer information. User PII (personally identifiable information) that can be extracted and sold on the black market can generate significant financial rewards for an inside attacker. Close seconds are intellectual property that can be sold to competitors or held for ransom and financial data that can be used for such things as insider trading.

Insider threat on the rise

Over two-thirds of organisations believe that insider attacks have become more prevalent over the past year, with nearly half of companies reporting having experienced between one and five critical cyber incidents caused by an insider in the past twelve months. The reasons range from a lack of employee awareness and training to insufficient data protections in place. One of the most concerning trends, however, is the amount of data that now moves outside the traditional data centre perimeter due to the growth of mobile devices, an increased reliance on web applications, and the rapid transfer of data to the cloud.

The biggest challenge with these threats is that they are so difficult to identify. These insiders already have credentialed access to the network and services, so few if any alerts are triggered when they begin to behave badly.

What your organisation can do

There is no magic pill to make this challenge go away. It requires planning, implementing and repurposing technologies, and gaining a holistic view across your network. Here are 10 strategies that can be implemented to minimise the risk of insider threats:

• Train employees to see and report suspicious activity. In addition, run background checks on users being given privileged access to digital resources.
• Deploy tools that can monitor user behavior and activities – including policy violation – and leverage machine learning to detect unusual behavior.
• Segment the network to limit activity to specific network regions. For more sensitive operations, a zero-trust model can be especially effective.
• Implement configuration management tools that can quickly assess and identify improperly configured devices.
• Monitor data access and file transfers and invest in file tracking technologies.
• Implement a data loss prevention (DLP) process and related technologies.
• Strengthen identity and access management (IAM), including the use of multi-factor authentication.
• Encrypt data in motion, in use, and at rest. Invest in technologies that can inspect encrypted data at business speeds.
• Use a SIEM tool to correlate threat intelligence gathered from across the network to identify those ‘needle in a haystack’ events that are impossible to detect using manual correlation.
• Use deception technologies and honeypots to detect activity that strays from assigned tasks.

Addressing insider threats requires proactive efforts

Attackers continue to apply pressure across the entire attack surface looking for a lapse in protection or vulnerabilities to exploit. By combining deterrence and detection with automation, however, organisations can take a much more proactive approach to detecting and mitigating insider threats – while keeping critical security personnel focused on higher order tasks such as strategic planning and threat analysis.

65% OF GLOBAL COMPANIES EXPRESSED CONCERNS ABOUT NEGLIGENT USERS



FEATURE

SECURITY AT YOUR FINGERTIPS

TODAY’S MOBILE WORKFORCE RELIES ON THEIR DEVICES FOR JUST ABOUT ANYTHING – FOR BUSINESS, COMMUNICATION AND ENTERTAINMENT, THE LIST GOES ON. AS THE NUMBER OF DEVICES INCREASES EACH YEAR, THE OF MOBILE SECURITY BECOMES MORE CRITICAL THAN EVER.



T

he news several months ago that WhatsApp had detected an attack involving its videomessaging service highlighted the threats that face mobile devices. As was widely reported – the publicity was unsurprising given that WhatsApp has 1.6 billion users – attackers made calls to mobile phones and were able to install spyware even if the recipient did not answer. With the functionality of mobiles continuing to increase, and with the total number of mobile devices growing to 13 billion worldwide, they are being used more frequently for activities that previously were carried out on desktop PCs or laptops. And this means that it is becoming more common for employees to undertake work-related activities on mobile devices, so for companies and other organisations, there are cybersecurity issues to be addressed.

“It’s very easy to attack employers by sending something to the smartphone,” says Marek Jedrzejczyk, vice president of a Polish-based mobile security company called Famoc.

Some mobile devices are the staff member’s own and are being used on a bring your own device (BYOD) basis, while others belong to the employer.

“A lot of people have a company phone who wouldn’t have a company laptop, in particular if you look into more rural areas,” says Professor Achim Brucker, head of the cybersecurity group at the University of Exeter in the United Kingdom. For example, Brucker notes that firms may supply workers based in rural India with a mobile device when it would be uneconomic to provide that same staff member with a laptop.

When it comes to whether smartphones and tablets are more vulnerable to attack than desktops or laptops, the picture is mixed, although there are factors that may make mobile devices more at risk.

“We have more experience of managing desktop PCs and laptops as many businesses have been using these devices longer than others. Having business-related data on mobiles and tablets is something most businesses have experienced [only] in the last five to 10 years,” says Brucker.

There are concerns that companies ignore the cyber risks surrounding mobile devices, with their focus instead on desktops, servers, platforms and networks. Also, it has been said that mobile devices are particularly at risk of phishing attacks, as users are more likely to read and respond to phishing emails accessed on a mobile rather than on a laptop or desktop computer. A survey from IBM found that phishing attacks were three times as likely to succeed on mobile devices.

The cybersecurity vulnerabilities linked to mobile devices “depend on the context”, according to Professor Alastair Beresford, professor of computer security and deputy head of department at the Cambridge Computer Laboratory, part of the University of Cambridge.

“Some handsets, such as recent iPhones as well as Android devices that receive regular security updates, offer good security,” he says. Indeed, he says that, depending on the threat model, mobile operating systems can be more secure than desktop operating systems. For example, they may provide better data separation between different apps than desktop or laptop operating systems offer.

“At the other end of the spectrum, some handsets, such as older devices, or devices that do not receive security patches, are likely to be insecure and more likely exploitable remotely,” he says. “This is of course also true for outdated desktop operating systems, although Microsoft has a good track record of offering long-term support to its customers, and certainly much longer periods of patching than we have seen in recent years from many mobile handset manufacturers.”

Recent research from the mobile security company Kryptowire, funded by the US Department of Homeland Security, showed that some mobile devices can be vulnerable from the word go. Published in November, the research discovered almost 150 vulnerabilities on brand new smartphones. So even if users are diligent about updating their devices and ensure that they do not download any malicious applications, they could still be compromised.

Tying in with this, the cybersecurity specialists Kaspersky Lab have highlighted the way that “broken cryptography”, which is linked to poor security by the developers of apps, can create vulnerabilities. In briefing material, the company has shone a spotlight on multiple other threats to smartphones and tablets, some of which are particularly relevant to devices being used for work. Aside from the risk of spyware highlighted by the WhatsApp breach, and the dangers from phishing, Kaspersky Lab noted that vulnerabilities from the use of unsecured WiFi should be considered too.

Data leakage is a key concern associated with mobile devices, with free applications potentially sending data – including company data – to remote servers, where cybercriminals and advertisers might be able to mine it. Mobile malware can lead to data being lost, often without it being clear that this has happened. Limited storage capacity, which means that storing files in the cloud is necessary, is a broad concern with mobiles.

The myriad concerns raise the question of what employers should do to ensure that mobile devices used by their staff do not put the company at risk. Beresford notes that much of the advice is very similar to that for securing laptops from attack. Data should not be stored on the device unless necessary, while the amount of information accessible via the device – such as email or a cloud service with data – should also be kept to a minimum. Companies should ensure that security updates to their employees’ mobile devices are available and installed promptly. Beresford also recommends ensuring that full disk encryption is enabled and that a reasonably strong passphrase and/or hardware security token is required to unlock the device.

He also notes, however, that all of these safeguards need balancing against the negative effects that they may have. “Clearly a device with no corporate data on it is the best from a security perspective, but is likely to be not very useful,” he says. “A risk-based approach is required to explore the trade-offs and find the right compromise.”

There are, of course, many types of software aimed at companies that want to secure the mobile devices used by their employees. But it is said that many companies do not prioritise mobile security and do not implement the solutions that are available. “That software is not so much in use compared to similar solutions for desktops,” says Brucker.

Google offers MDM solutions for devices running its Android operating system, and these typically offer separation of personal and business apps or data. But, Brucker notes, there are alternatives to what Google, or Apple, offers. “There are also device management solutions from third parties – not vendors of mobile operating systems,” he says. “They often can manage devices running different operating systems, so they provide a uniform management interface for Android and iOS devices.

“Often these solutions also allow companies to control which apps from Google Play or the iOS store can be installed by employees.”

Famoc is one of the many technology companies that offers mobile device management (MDM) solutions, and has been involved with projects with individual companies that cover thousands of devices.

So, employers have much to consider, and those who have yet to prioritise dealing with the vulnerabilities of their staff members’ smartphones, tablets and other mobile devices are recommended by experts to focus on these potential cybersecurity weak spots.


FEATURE

DON’T BE FOOLED: WHY YOU NEED TO BE ON HIGH ALERT FOR ONLINE FRAUD

SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO HELP AG CTO NICOLAI SOLLING ABOUT THE INCREASING NUMBER OF ONLINE FRAUDS AND HOW ORGANISATIONS CAN COMBAT THIS THREAT.

The range of frauds that the payment industry needs to cope with is far more extensive than most of us would probably imagine. There is card ID theft, counterfeit card fraud, remote purchase fraud, investment scams, advance fee scams and impersonation fraud (itself broken down into different categories), plus numerous other types.

Not all have an online element to them, but several do, and often the scale of such internet-based frauds is eye watering. Fraud the Facts 2019, a report produced by UK Finance, which represents more than 250 financial companies in the United Kingdom, said that $506.4 million (AED 1.86 billion) worth of e-commerce fraud took place on cards in that country alone last year.

This represented well over half of all UK card fraud and more than three-quarters of remote purchase fraud, which is also known as card not present fraud and which involves online, mail order or telephone purchases by criminals using a stolen card.

The dangers of internet-related fraud are likely to increase as an ever-greater proportion of financial transactions takes place online. The Global Identity and Fraud Report 2019 from Experian, the consumer credit reporting company, forecasts that digital commerce will grow by 20 percent annually until 2022, by which time it will be worth close to $5.8 trillion. Meanwhile, last year there were more than two billion digital banking users worldwide, and numbers are rising by 11 percent per annum.

And statistics indicate that, as might be expected, fraud is tending to increase. For example, last year the amount of remote purchase fraud losses on UK-issued bank cards jumped by almost a quarter, reaching $643.4 million (AED 2.40 billion), according to Fraud the Facts 2019. Meanwhile, 55 percent of businesses surveyed for Experian’s global report said that over the past year, their losses from online fraud had increased.

Globally, more than 40 percent of consumers have experienced online fraud, although fortunately the Middle East, along with mainland Europe and Africa, lags behind certain other parts of the world, notably the United States and the United Kingdom, in its scale.

Half of businesses, Experian reported, have increased spending on fraud management during the past year. Some of that anti-fraud expenditure is, naturally enough given the country’s status as a commercial and financial centre, being made in the UAE.

Among the companies focusing on combating online fraud is the cybersecurity specialist Help AG, which has been involved in investigating major instances of such criminal activity in the Gulf region. The company has looked into cases of CEO fraud, which typically sees fraudsters impersonating, by email, a trusted senior staff member, often the CEO (which gives this type of fraud its name), in order to get money transferred out of the business.

“Help AG has been involved in a number of investigations where some very, very significant amounts of funds have been transferred,” says Nicolai Solling, chief technology officer, Help AG Middle East. Indeed, some of the examples investigated by the company have involved dollar amounts stretching into six figures.

Worldwide, CEO fraud appears to be growing at an alarming pace, with one report suggesting that losses are doubling year-on-year in the United States, reaching $1.2 billion in 2018. The number of ransomware attacks has shown signs of falling at a time when law enforcement agencies have put efforts into tracing cryptocurrency fraudsters, and this may be part of the reason, suggests Solling, why CEO fraud is on the rise.

The criminals attempt to exploit a vulnerability of the existing business processes, something that they can do by relatively simple social engineering using email. “Someone with the authority to approve [a transfer], he posts something on Facebook, ‘I’m enjoying the beach in Dubai, wonderful weather,’” says Solling, explaining the processes leading up to the fraud.

The criminals might take advantage of this post by sending an email purporting to be from this individual who is on holiday. This email will go to a person in the company’s accounts department who can effect a transfer. “‘Greetings from Dubai. Can you transfer this money to this supplier? Please transfer $23,500 to this organisation.’ Rebecca [a person at the company allowed to make a transfer] believes it’s coming from the CEO,” explains Solling. The staff member then carries out the transfer, fooled by the email because it contains details gleaned from the social media post.

Solling notes that often simple measures can prevent such fraud. In this example, the criminals can be tackled if there is a requirement that the accounts section should call the person requesting the transfer to confirm that it should, indeed, go ahead. Another safety measure could be the adding of another person who has to approve a transaction. Again, this is a simple safeguard, but effective.

“CEO fraud has been around forever. In the old days it could be a telefax coming in or a letter being sent. The thing is, the electronic medium has made it so much easier for the attackers,” says Solling.

While there are simple procedures that can be introduced to combat CEO fraud and other such scams, technological measures too can trip up the criminals. “To utilise email systems today you have the ability to sign your email with a digital signature or certificate. It’s something that’s not been too popular in the past, but as our online identity becomes more and more popular, proving your online identity will be more and more important. An online key [can] prove it’s you,” says Solling. “There are a lot of elements where identity will become more and more important. That’s an area where we’ll see a lot of developments.

“We use [digital certificates] internally. Organisations will start to introduce digital certificates to prove identity. It could be something as simple as writing a word document and you sign it. If someone tampers with it, automatically your signature gets voided.”

In the wider online fraud sphere, companies seem willing to focus on improving their authentication processes, with Experian saying in its 2019 report that 75 percent of businesses have upgraded their online security in the previous 12 months.

There are numerous authentication measures that businesses can require for online activities, including the basics such as passwords, PIN numbers and security questions. These are the most commonly used methods, and they tend to inspire confidence among consumers. The next most popular methods include document verification, CAPTCHA and physical biometrics. This last method is said to result in a significant increase in consumer confidence compared to the most basic and frequently used authentication methods.

But, Experian notes, advanced authentication methods, which aggregate data and might include behavioural biometrics and network characteristics, have yet to be widely adopted by businesses. Advanced authentication can often increase or decrease the degree of security based on the level of risk for that particular transaction.

So, more sophisticated techniques, often employing artificial intelligence, are being developed to combat online fraud of various types. The hope is that they could turn the tide against fraudsters looking to take advantage of the ever-larger market for online transactions.
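The two procedural safeguards Solling describes for CEO fraud, a call-back to the person named in the request and a second approver, sketched as a release gate for e-mailed transfer requests. This is an added example, not code from Help AG or the magazine; the directory, phone numbers, staff identifiers and class names are constructed, and the rule that a call-back only counts when placed to the number on file is an assumption about how the check would be run.

```python
from dataclasses import dataclass, field

# Constructed staff directory (assumption): call-back numbers come from HR
# records, never from the e-mail that asks for the money.
DIRECTORY = {
    "ceo": "+000 555 0100",
    "rebecca": "+000 555 0101",
    "finance_manager": "+000 555 0102",
}


@dataclass
class TransferRequest:
    claimed_sender: str          # who the e-mail says it is from
    beneficiary: str
    amount_usd: float
    callback_ok: bool = False
    denied: bool = False
    approvers: set = field(default_factory=set)
    audit: list = field(default_factory=list)


class PaymentGate:
    """Releases a transfer only after a call-back and independent approvals."""

    def __init__(self, directory, approvals_needed=2):
        self.directory = directory
        self.approvals_needed = approvals_needed

    def record_callback(self, req, dialled, confirmed):
        on_file = self.directory.get(req.claimed_sender)
        # A number supplied in the request itself may belong to the fraudster.
        if on_file is None or dialled != on_file:
            req.audit.append("call-back ignored: %s is not the number on file" % dialled)
            return False
        if not confirmed:
            req.denied = True
            req.audit.append("claimed sender denied the request on call-back")
            return False
        req.callback_ok = True
        req.audit.append("claimed sender confirmed on the number on file")
        return True

    def approve(self, req, staff_id):
        # The person named as requester cannot approve their own transfer.
        if staff_id not in self.directory or staff_id == req.claimed_sender:
            req.audit.append("approval by %s not counted" % staff_id)
            return False
        req.approvers.add(staff_id)
        return True

    def unmet_controls(self, req):
        unmet = []
        if req.denied:
            unmet.append("denied on call-back")
        if not req.callback_ok:
            unmet.append("call-back confirmation")
        missing = self.approvals_needed - len(req.approvers)
        if missing > 0:
            unmet.append("%d more approver(s)" % missing)
        return unmet

    def release(self, req):
        return not self.unmet_controls(req)


def run_scenarios():
    """Replays the 'Greetings from Dubai' e-mail against the gate."""
    gate = PaymentGate(DIRECTORY)
    results = {}

    spoofed = TransferRequest("ceo", "Unknown Supplier Ltd", 23500.0)
    gate.approve(spoofed, "rebecca")                 # Rebecca acts on the e-mail alone
    results["email_only"] = gate.release(spoofed)

    gate.approve(spoofed, "finance_manager")
    gate.record_callback(spoofed, "+000 555 0199", confirmed=True)  # number from the e-mail
    results["number_from_email"] = gate.release(spoofed)

    gate.record_callback(spoofed, DIRECTORY["ceo"], confirmed=False)  # real CEO says no
    results["ceo_denies"] = gate.release(spoofed)

    genuine = TransferRequest("ceo", "Known Supplier LLC", 23500.0)
    gate.record_callback(genuine, DIRECTORY["ceo"], confirmed=True)
    gate.approve(genuine, "rebecca")
    gate.approve(genuine, "finance_manager")
    results["genuine"] = gate.release(genuine)
    return results


if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print("%-18s released=%s" % (name, released))
```

The spoofed request stays blocked even with two approvers, because the only call-back that "confirmed" it went to a number the request itself supplied.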



FEATURE

THE FUTURE IS PRIVATE

AFTER INTRODUCING END-TO-END ENCRYPTION ON WHATSAPP, FACEBOOK HAS RECENTLY DECIDED TO EXTEND ITS ENCRYPTION FEATURES ACROSS ALL THE MESSAGING PLATFORMS IT OWNS. HOWEVER, GOVERNMENTS HAVE RAISED CONCERNS THAT DOING SO WILL MAKE IT EASIER FOR CRIMINALS TO COMMUNICATE UNHINDERED. SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS THE POSITIVE AND NEGATIVE IMPLICATIONS OF THE SOCIAL NETWORK’S LATEST MOVE.



Facebook is frequently in the headlines, but few controversies linked to the social networking giant have attracted as much high-level government interest as its plans announced earlier this year to encrypt the messages sent by users.

The proposals have raised concerns with the United States attorney general, William Barr, the British home secretary, Priti Patel, and the Australian home affairs minister, Peter Dutton. Along with another US politician, the then acting homeland security secretary, Kevin McAleenan, these officials recently signed a letter calling on Facebook to delay its encryption plans.

Authorities have voiced concern that terrorists will be able to communicate with one another without their messages being accessible to law-enforcement agencies. Facebook messages have frequently sparked automatic alerts over the possible spread of child-abuse images, and the fear is that, with encryption, such illegal images will be spread more widely and the authorities will find it harder to detect them. Governments are particularly worried because of Facebook’s huge market presence, with the social network having 2.45 billion users.

Announced in March by Facebook’s founder and CEO, Mark Zuckerberg, the encryption plans are seen by some as the company’s response to recent controversies over privacy and the use of user data. The Cambridge Analytica scandal in particular may help to explain Facebook’s actions.

But if Facebook does start to use end-to-end encryption by default, it will not be the only company to do so. Indeed, analysts have suggested that the fact that some rival messaging services already encrypt messages may have pushed Facebook to do the same. As well as WhatsApp, which is owned by Facebook and has 1.6 billion users, other messaging services already using end-to-end encryption include Telegram and Signal, both of which are seeing their popularity grow.

In a recent interview published by the University of Virginia, where he is a professor of media studies, Professor Siva Vaidhyanathan suggested that an additional reason for Facebook’s move to encryption is that it is keen to protect its market share against WeChat. WeChat does not encrypt messages, and Facebook might be eager to stifle the Chinese messaging service’s expansion outside of its home market.

Furthermore, in his recent interview, Vaidhyanathan echoed the concern of some officials by suggesting that if Facebook makes encryption the default for its messaging service, criminal networks could find it easier to recruit new members. He indicated that, at the moment, only the most committed terrorist and child-abuse networks are likely to encrypt messages themselves. (Facebook already offers an option to encrypt messages, but it is not prominently displayed and many are unaware of its existence.)

The news agency Reuters recently quoted the associate deputy attorney general of the United States, Sujit Raman, as saying that more than 90 percent of the more than 18 million child-abuse alerts received by the National Centre for Missing and Exploited Children in 2018 came from Facebook. The suggestion is that more than three-quarters of such alerts – which are typically generated automatically – could be lost if messages were encrypted, potentially leading to real-life consequences for many children at risk of abuse.

The growth in the spread of pictures depicting child sexual abuse is little short of staggering. According to figures quoted by the New York Times, in 1998 the number of reports of such images to US authorities was just over 3,000. About 10 years later, the number had risen to more than 100,000 a year, while in 2014 it exceeded one million. The figure is now far higher still, being (as already noted) more than 18 million annually.

Meanwhile, the London-based Financial Times has reported the UK’s National Crime Agency as saying that there were more than 2,500 reports last year of individuals using Facebook to try to meet children or to get them to share images.

In the face of such stark figures, law-enforcement agencies want Facebook to provide a “back door” that would allow them to access messages. But some cybersecurity experts have concerns about such a move on ideological and technological grounds. One issue is that it is difficult to guarantee that decrypted messages will be seen only by those individuals or organisations within the authorities who should be able to see them.

“There’s no one who knows security who thinks this can be done; everything gets leaked eventually … There will always be some insider who leaks for gain,” says Professor Kevin Curran, a professor of cybersecurity at Ulster University in the United Kingdom.

In a similar vein, Professor Eerke Boiten, a professor of cybersecurity at De Montfort University in Leicester in the United Kingdom, likens a back door to leaving “keys on the door mat”. “If you build in a back door, that back door is, in principle, accessible to lots of other parties,” he says.

Indeed, he says that encryption with a back door built in can be thought of as not really being encryption at all. “At the moment, your unencrypted messages would be visible to Facebook without help from Facebook. In that sense, there’s virtually no difference between encrypted and unencrypted when there’s a back door,” he says.

While the idea that governments can monitor communications between those involved in terrorism or child abuse may be acceptable to many, there are concerns that authorities can also “spy” on individuals or groups who might want to remain under the radar for legitimate reasons.

“Just because [encrypted messaging services] can be used for bad purposes, they’re a minority compared to the amount of people who want to use it and remain private,” says Curran. “The honest people will become less secure just so authorities can target the people who do commit crimes.”

He notes that, even if the content of messages remains encrypted, there is still useful information available to authorities that want to track terrorist networks or stop the spread of illegal images. Even if messages are encrypted, officials can build up pictures of terrorist networks by, for example, logging details of who is messaging whom.

“There are other ways to catch these people. You have to register accounts, there are IP addresses. Not everything is encrypted; there will always be air holes,” says Curran.

Facebook has argued that it is already doing much to assist law-enforcement agencies by, for example, creating alerts if there are large age gaps between people communicating on its platforms.

Also, some commentators have highlighted the way that, with respect to harmful images, technological fixes can get around the problem of encryption even without actually decrypting pictures. Specifically, certain encryption algorithms can examine the content of images by “image hashing” encrypted data. This allows comparison with material that is known to be harmful.

Although the controversy is continuing, Curran is confident that Facebook will ultimately press ahead with its plans to make end-to-end encryption the default option for its messaging services. He says that the social network will have done its homework on its plans thoroughly.

“They understand how useful this is. They know the arguments against this – there have been working groups, task forces internally,” he says. “Like most people, they believe that the benefits outweigh the negatives.”
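How the “image hashing” comparison mentioned above can work without anyone reading a message: a perceptual hash of the picture is compared with a list of hashes of known material. This is an added example, not Facebook’s or any vendor’s code; it assumes the hash is computed on the image on the sender’s device before encryption (the article does not say where hashing happens), it uses the difference-hash (dHash) technique as a stand-in for whatever algorithm a platform uses, and the test images, threshold and function names are constructed.

```python
import hashlib

GRID_W, GRID_H = 9, 8      # 9 columns give 8 left/right comparisons per row
MATCH_THRESHOLD = 10       # constructed value: max differing bits (of 64) for a match


def block_sums(pixels):
    """Shrink a grayscale image (list of rows, values 0-255) to a 9x8 grid."""
    height, width = len(pixels), len(pixels[0])
    bh, bw = height // GRID_H, width // GRID_W
    return [[sum(pixels[y][x]
                 for y in range(gy * bh, (gy + 1) * bh)
                 for x in range(gx * bw, (gx + 1) * bw))
             for gx in range(GRID_W)]
            for gy in range(GRID_H)]


def dhash(pixels):
    """64-bit difference hash: one bit per 'is the left block brighter?'."""
    bits = 0
    for row in block_sums(pixels):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def sha256_of(pixels):
    """Cryptographic hash of the raw pixels, for contrast with dhash()."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()


def matches_known(pixels, known_hashes):
    h = dhash(pixels)
    return any(hamming(h, k) <= MATCH_THRESHOLD for k in known_hashes)


# --- constructed 72x64 test images (synthetic patterns, not real pictures) ---
def make_image(level):
    return [[level(x // 8, y // 8) for x in range(72)] for y in range(64)]


def known_image():
    return make_image(lambda bx, by: 40 + 20 * ((3 * bx + 5 * by) % 7))


def recompressed(pixels):
    """Same picture after a brightness shift and small per-pixel noise."""
    return [[v + 10 + ((7 * x + 13 * y) % 5) - 2 for x, v in enumerate(row)]
            for y, row in enumerate(pixels)]


def unrelated_image():
    return make_image(lambda bx, by: 200 - 20 * bx)


if __name__ == "__main__":
    known = [dhash(known_image())]
    altered = recompressed(known_image())
    print("sha256 equal:", sha256_of(known_image()) == sha256_of(altered))
    print("altered copy matches:", matches_known(altered, known))
    print("unrelated image matches:", matches_known(unrelated_image(), known))
```

The altered copy has a different SHA-256 digest but the same difference hash, which is why known-image matching relies on perceptual rather than cryptographic hashes.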


INTERVIEW

STRONG AND STEADY

AS BULWARK TECHNOLOGIES CELEBRATES 20 SUCCESSFUL YEARS OF DOING BUSINESS IN THE MIDDLE EAST, THE FIRM’S MANAGING DIRECTOR JOSE THOMAS MENACHERRY LOOKS BACK AT HOW THE REGIONAL IT LANDSCAPE HAS PROGRESSED AND DISCUSSES HOW THEY HAVE ADAPTED AND EVOLVED TO CATER TO THE EVER-GROWING SECURITY SPACE.


The explosion of technological adoption in the UAE in the past two decades, coupled with the increasing number of digital transformation initiatives and government bodies’ readiness to embrace innovation, has transformed nearly every aspect of life in the country. Technological implementations ranging from Internet of Things (IoT), blockchain, robotics and artificial intelligence applications are redefining business practices across both public and private sectors.

As a key player in the regional IT industry for 20 years, Bulwark Technologies, a regional value-added distributor, has over the years witnessed how the country’s business and technology landscape has evolved.

“During the last two decades, there have been many changes in the regional IT space and the channel industry is no different,” said Jose Thomas Menacherry, managing director, Bulwark Technologies. “Many distributors have shifted to a value-added business model, especially in the IT security sector. In early 2000, security strategies have been more focused on anti-virus and perimeter security. Today, it is now primarily centred on combatting internal and external as well as securing cloud, applications, IoT deployments. Furthermore, we are now seeing many other forms of security with much more advanced solutions based on AI and ML to protect customers from sophisticated attacks and breaches.”

Menacherry also recalled how a couple of decades ago there were only a handful of companies offering IT security solutions, yet today there are numerous players in the market. He noted that security players today are shifting their focus from offering infrastructure solutions to security-focused solutions selling.

“Vendors are also favouring distribution models for extending and expanding their business in the Middle East region. They are also providing direct support for their distributors and channel ecosystem to bring the best experiences to end customers. A few legacy partners in this space are now offering full-fledged managed services. The increasing cloud adoption has prompted a number of new smaller entrants in this space,” he said.

In the early days, a big focus for security players had been on educating customers about the importance of cybersecurity and on how they can best optimise these solutions, according to Menacherry.

“There were very few organisations buying security products as there was hardly any budget allocated for such tools,” he said. “However, as we now know, this has changed significantly. Organisations are now fully aware of the vital role that cybersecurity plays. As a security-focused value-added distributor in the region, we know the battle is continuous as new security breaches and discoveries emerge on a regular basis. We are prepared to meet such challenges with the latest technologies and by spending time and efforts in understanding these and addressing new cyber threats in the market.”

The Middle East, like many markets across the globe, has not been spared from cyber-attacks such as ransomware and data theft. CISOs, security heads and business owners in the region are in constant search for robust solutions that will enable them to bolster their security postures. The SMB segment is also seeing rising security concerns, which is driving the demands for more competitive security offerings.

KEY MILESTONES OVER THE PAST 20 YEARS:
- Bringing in the latest and niche security solutions to the Middle East
- Establishing and maintaining expert technical resources
- Expanding to other Middle East and GCC markets such as Oman, Kuwait and Saudi Arabia
- Top recognitions as a VAD over the last 2 decades
- Establishment and setup of a new office in Bangalore, India

“Bulwark Technologies has been instrumental in bringing global security vendors into the Middle East market for some niche products, thus expanding our portfolio of solution. Simultaneously, we have been empowering our channel community, which has significantly contributed to enabling us to address the growing market demands, thus allowing us to grow as a value-added distributor in the region,” said Menacherry.

Being able to adapt to the ever-changing security landscape by delivering the latest and niche technology solutions as well as acquiring the right expertise and building a strong channel ecosystem are key aspects to Bulwark’s success in the region, according to Menacherry.

“‘Stay focused on what you are best at’ is what we always say and is our mantra for success,” said Menacherry. “We have been very much focused on network and information security solutions distribution and we have experienced steady growth in this space over the years. We believe that staying on this course and further enhancing our expertise in this market segment will drive our continued success.”

In the coming year, Bulwark seeks to keep pushing the envelope and expand its business by adding more strategic partners.

“Being a cybersecurity-focused company, we have been regularly scanning the technology space for latest products addressing the new threats. Our future focus will be on cloud, mobility and IoT security,” said Menacherry.

“In terms of operational growth, we have been expanding our business to other regions and boosting our workforce,” he said. “We have expanded our operations to India with a head office based out of Bangalore. We will further strengthen our team to address the increased demand for our cybersecurity solutions offerings. Finally, we also aim to double down on our on-ground resources in some of the countries we cover in the Middle East.”



INSIGHT

WHY FORESIGHT IS VITAL IN SECURING YOUR DIGITAL TRANSFORMATION

BY HADI HOSN, DIRECTOR, CYBER SECURITY SOLUTIONS, EMEA, SECUREWORKS

Digital transformation puts technology at the heart of business operations, products, and services. It also puts customer experience at the center of a company’s ethos while accelerating competitive differentiation. Embracing digital transformation is no longer aspirational. Instead it is imperative for survival in an economy driven by sensors and data. Security can enable digital transformation to succeed, but to achieve this it must be a part of the planning and implementation process.

The rapid adoption of technology has created many problems when it comes to cybersecurity. The vast adoption of SMB V1 for network sharing in SCADA systems made patching known vulnerabilities next to impossible as the cost impact of pulling down factories for patching was deemed to be too high. The rapid spread of the WannaCry ransomware exposed the shortsightedness of this attitude and emphasised the importance of applying security protocols to the adoption of technology into business environments.

Businesses need to be thoughtful about the impact of security on their transformational journey, in some cases taking a step back from digital transformation to consider all the possible impacts. To help with this, we have created a checklist of essential actions for protecting your organisation in the digital era.

These are my 5 must-haves for securing digital transformation:

1. Understand where your digital transformation will lead you and the resulting security implications. Foresight is a powerful tool when it comes to preparing for the long term.
2. Define the security and functionality considerations of each new technology you’ll introduce as part of your digital transformation. Careful examination and understanding can prevent roadblocks.
3. Designate at least one SME or group for the ownership of each technology and the subcomponents. Your DevOps team are not security experts, so you need the right expertise to make the right decisions.
4. Ensure each of the following critical aspects of your security program is properly prioritised, monitored and measured as your digital transformation progresses:
   • Data
   • Transmission
   • Application
   • Identity
   • Authentication
   • Endpoints
5. Maintain appropriate security goals and metrics for each technology at launch and over time.

The defining aspect of these 5 suggestions is preparation. The objective of any transformation is positive change, but for each business the form change takes will be different. You can help your organisation set clearly defined goals and objectives to measure the success of your transformation.

The most successful adopters of any strategy clearly define their goals, outcomes, and measurements well in advance. This allows them to collect the data that shows how a given digital transformation initiative has met, exceeded, or fallen short of the defined goals. Robust planning also helps organisations react quickly as transformation progresses and increases efficiency to reduce overall cost.

You must define success for your organisation’s digital transformation from the beginning. Preparation will enable you to successfully secure digital transformation and fully realise all the business advantages it offers.
