Dear Readers, With great pleasure we bring you our GISEC edition of TECHx Review business magazine, with expert insights for your business. The magazine covers important stories from technology brands in the Cybersecurity space, other tech segments and the SMB’s/SME’s from across MEA region. We are glad to have partnered with GISEC as a media partner and even more excited to promote tech brands at the exhibition via our media. With this edition we bring you news in the form of special features, interviews with TECH Leaders, expert insights, trends and opportunities from the cybersecurity industry. The cybersecurity market in the Middle East & Africa was valued at USD 1903.59 million in 2020, and it is expected to reach USD 2893.40 million by 2026 and register a CAGR of 7.92% during the forecast period of 2021-2026. This is huge in terms of opportunities and with digital transformation being sped up across Middle East since 2020, cybersecurity becomes the most integral part of an organization’s digital journey. With this issue we hope to share valuable insights for our readers, sighting out the importance of cybersecurity and the future of cybersecurity. Keeping in mind our mission and vision of technology advocacy, we will soon be launching our Arabic version of TECHx as well to help the brands penetrate in more regions across MEA. Once again, a big shout out to the brands for participating in our GISEC special edition, the team for a marvelous effort in bringing the magazine to life and the PR agencies for supporting with brilliant content. We certainly hope you enjoy reading this issue and have a great second half of the year 2021. Please stay tuned to www.techxmedia.com for 24/7 coverage.
Con SCA AND MOE LAUNCH FINTECH MEGATHON 2021 - P-8 RISKIQ MIDDLE EAST BUSINESS GROWS 132% YOY - P-9 CISCO REVEALS COLLABORATION, CLOUD, AND SECURITY ARE IT'S TOP CHALLENGES IN UAE - P-13
THE TOP 5 SMB VULNERABILITIES - P-14 NEXT-GEN AI SUPERCOMPUTING INFRASTRUCTURE WITH ADVANCED INTEGRATION - P-16
Stay Safe & Stay Healthy!
Published by: Interdev FZE LLC (TECHx Media) Address: 413, IT Plaza, Dubai Silicon Oasis Tel: 04 344 9939 | www.techxmedia.com
Christopher David Media Head
General: email@example.com Editorial: firstname.lastname@example.org Media relations & Advertising: email@example.com
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
ntent FINESSE AT FOREFRONT IN SUPPORTING ORGANIZATIONS IN BUSINESS CONTINUITY - P-22
INTERVIEW WITH CAROL ANNE DIAS FROM AOC - P-23 THREE DATA SCIENCE TRENDS WE’LL SEE MORE OF IN 2021 - P-24 XDR: THE FUTURE OF THREAT DETECTION AND RESPONSE - P - 25 CYBER SECURITY 2021: TRENDS AND TIPS IN VIDEO TECHNOLOGY - P-30
Dear Readers, TECHx Review is back with a new edition. It's that time of year again when the entire IT industry anticipates the region's largest confluence of cybersecurity experts. As a technology media platform, TECHx perceives it as a huge responsibility to enlighten its readers about potential cybersecurity threats, particularly during critical times when you are just a click away from a malicious attack. This magazine contains expert opinion articles about cybersecurity threats to organizations and individuals. In addition, we spoke with industry experts to learn about their initiatives for ensuring business continuity during these challenging times. You'll also find recent cybersecurity-related stories from the IT industry in this edition. Like every year, GISEC 2021 will take place for three consecutive days and TECHx as the official media partner of the event will be broadcasting the whole event live on our publishing platforms in the form of interviews with industry insiders, updates from the conferences, LIVE sessions on our social media channels, and a lot more. So, stay glued to TECHx for the most up-to-date information about the event. Enjoy reading & stay safe!
Director Strategy: TP Sharafudeen Media Head: Christopher David Executive Editor: Rabab Zehra Creative Director: Shaju Musthafa
Rabab Zehra Executive Editor
About: TECHx is an exclusive media and publishing platform for technology affairs, facilitating the promotion of new technological innovations, product launches, and advocacy of exclusive market insights on technology and various other domains interdependent to technology.
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
TARGUS CYPRESS BAGS WITH ECOSMART Targus is on a mission to recycle more plastic bottles than any other bag manufacturer. Plastic bottles are reborn to make everything from the bag lining to the body and trim, without compromising the brilliant flexible working features and ergonomic comfort you expect from us. So always look for the EcoSmart Label before you buy and help us start turning the tide on ocean pollution and landfill in this critical decade. After all, we only have one planet: let’s make the best of it.
WHY CHOOSE A NEW CYPRESS ECOSMART BAG? Plastic bottles are reborn to make everything from the bag lining to the body and trim, without compromising the brilliant flexible working features, security and ergonomic comfort you expect from our bags.
MAKE YOUR NEXT DECISION A GOOD ONE. GRS is a global full product standard that tracks and traces the full life of recycled material from pre-consumer to post-consumer. GRS tracks social, environmental, and chemical requirements. The objectives of GRS are to define requirements to ensure accurate content claims and good working conditions, as well as to ensure that harmful
environmental and chemical impacts are minimized. Introduced to recognize the important role that recycling paper and timber plays in protecting the world’s forests. Unlike general ‘recycled’ claims, which require no verification, the FSC Recycled label provides assurance that all the wood or paper in a product has been verified as genuinely recycled. Only products containing 100% recycled material can carry the FSC Recycled label.
AMIVIZ LAUNCHES CYBERSECURITY FOCUSED B2B E-COMMERCE PLATFORM AmiViz has developed a B2B e-commerce platform with a human touch for the cyber security industry to serve the channel ecosystem by automating the entire business process. The new platform will help channel partners to scale up their operations and enable them to expand their reach as well as tailor better deals for their customers. The key features for the new AmiViz platform include:
NEW COLLABORATION PLATFORM AmiViz offers a collaboration tool in the form of an app & web portal to communicate with customers and partners. with customers and partners.
AUTOMATION IN ORDER PROCESSING AmiViz brings automation in order management and processing on a real time basis. AI and ML models and algorithms have been used to effectively engage with multiple users in a reseller organisation from different departments.
DATA & ANALYTICS The platform provides data in various formats and templates to monitor relevant business parameters. These insights help with more informed decision making, leading to effective campaigns and revenue growth.
REPORTING AND VISIBILITY Modern dashboards are available and can be customised to give visibility to data based on roles and responsibilities of people in the reseller and vendor world. It gives instant visibility to all aspects of business related to sales, demo & PoC, invoices, payments and reports.
NETAPP TRANSFORMS ITS UNIFIED PARTNER PROGRAM NetApp announced updates to its Unified Partner Program for the fiscal year 2022 (FY’22). The latest enhancements will provide partners with a more flexible, consistent and simplified experience. “It’s an exciting time to be a NetApp partner,’’ said John Woodall, vice president, engineering at GDT, a longtime NetApp partner. “The new updates to the Unified Partner Program will make it easier to do business with NetApp. Together, by offering a simpler experience, more flexibility and clear areas for our joint investment, these changes will enable us to further differentiate based on our expertise and contributions.” Enhancements to the Program include: • Expanding Partner Ecosystem – The program will now include specialist partners who sell, consume or influence the NetApp portfolio – increasing relevance to more partner types. • Simplified Incentives – Incentives are streamlined to align with key initiatives • New Partner Rewards – Individual participants who opt in will be rewarded f • New Solution Specializations - An opportunity to recognize and reward partners’ unique skillsets and go-to-market models, new solution specializations will be available for Cloud Preferred, FlexPod, SAP, AI/ML, Data Protection, Data Security, Hosting Service Provider, Infrastructure, and Spot by NetApp Preferred. • New Services Certified Specializations – The transformation of Services Certified Specializations include: Integration Services Certified, Lifecycle Services Certified, and NetApp Keystone Services Certified, ensuring alignment with customer needs across the hybrid cloud lifecycle. • Partner Connect 2.0 - The NetApp partner locator is being redesigned for a better user experience to help customers find the most specialized partners to meet their needs. “We are transforming our Unified Partner Program and evolving its structure to make doing business with NetApp simpler and more profitable for our partners than ever before,” said Chris Lamborn, Head of Global Partner GTM & Programs at NetApp.
SCA AND MOE LAUNCH FINTECH MEGATHON 2021
Under the patronage of H.E. Abdullah bin Touq Al Marri, Minister of Economy (MoE) and Chairman of the Board of the Securities and Commodities Authority (SCA), the Fintech Megathon 2021 was launched in the UAE. Held under the slogan “Reimagining the Future of Inclusive Financial Services”, the megathon encourages innovators, financial institutions, regulators, and other ecosystem partners across the UAE to collaborate and crowdsource to produce prototypes with the aim of addressing specific problems hindering the financial services industry. Commenting on the launch of the megathon, H.E. Al Marri said: “Organized by SCA, Fintech Megathon 2021 help foster the innovation environment in the country, encourage startups to be actively engaged in the development of innovative solutions, ensure the optimal utilization of modern technology, and create new opportunities for growth.” For her part, H.E. Dr. Maryam Al Suwaidi, Acting CEO of SCA, said: “SCA is very excited to announce the launch of the Fintech Megathon 2021. Fintech has become an integral part of the financial services industry today. It is highly important that we leverage the efficiencies technology can provide us to address the pain points faced by customers across the financial services industry in the UAE.” Speaking about the launch of the megathon, Mirna Sleiman, Founder and CEO of Fintech Galaxy, said: “We are very excited to be part of this collaborative and creative initiative that aims to address some of the key challenges facing the industry at present. Our expertise and widespread network across the Arab fintech industry enable us to bring together fintech startups, financial institutions, partners, and stakeholders from local fintech working groups with for development of the UAE financial services industry.”
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
WITH CYBERKNIGHT AS VAD, RISKIQ MIDDLE EAST BUSINESS GROWS 132% YOY RiskIQ, recently announced additional investment in its Middle East operations. Fueled by revenue growth across the region of 132% in 2020, RiskIQ recently relocated Henry Staveley, Regional Sales Director to Dubai and is currently undertaking additional recruitment activity. In late 2019 RiskIQ partnered with the value-addeddistributor CyberKnight Technologies, and together they quadrupled the number of RiskIQ resellers across the region in 2020. “You can’t protect what you can’t see! That is why we partnered with RiskIQ. The platform enables enterprise and government customers to truly understand their attack surface. This is critical because when an attacker targets an organization, they will look for any possible opening. Without understanding what they can see, security teams will not be aware of the potential vulnerabilities that can be compromised and become attack vectors.”, said Avinash Advani, Founder and CEO of CyberKnight.
Founder & CEO, Cyberknight
Regional Slaes Director, RiskIQ
Fabian Libeau, RiskIQ's VP and General Manager of EMEA, said, "While the Middle East has been a successful market for RiskIQ over several years, digital transformation initiatives, Covid-19, and the increased activity of threat actors across the region have made our solutions more relevant than ever. With these additional resource investments, we look forward to helping a growing number of Middle East organizations proactively defend themselves against cyber threats and threat actor groups."
USB-C Universal Quad 4K (QV4K) Docking Station with 100W Power
Universal Docking Solutions Truly Universal Compatibility
Imagine the simplicity of having one docking station that works for your entire enterprise – supporting USB Type-A or USB Type-C devices (or both!) and working across all major platforms. As a global leader in docking, Targus is uniquely equipped to make it happen. Our universal docking solutions are fully tested and proven to work with Mac® and PC platforms, as well as Chrome OS®, Android™, and Linux® operating systems. This broad and flexible compatibility means you don’t need to replace your docking solutions during every laptop or OS refresh – making Targus the preferred future-ready solution.
Boost productivity and performance with the world’s first enterprise-class universal docking station to deliver four 4K extended displays. Ideal for large enterprises – the Targus USB-C™ Universal Quad 4K (QV4K) Docking Station maximises workstation viewing. Dual DisplayLink® DL-6910 chip technology supports up to four DisplayPort or HDMI displays. The docking station includes numerous additional ports to connect your essential USB 3.0 peripherals and Ethernet network. USB 3.0 with fast charging (side)
WHAT COMES IN THE BOX USB 3.1 Gen1 (Type-C) | Audio In/Out (side)
USB-C Power delivery
Gigabit Ethernet USB 3.1 Gen1 (Type-C) to Laptop
Power Out (100W) Lock Slot
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
MITSUMI WINS ‘DISTRIBUTOR OF THE YEAR’ AWARD FROM HP
Mitsumi Distribution, announced that it has been awarded Hewlett Packard (HP) Global ‘Computing Distributor of the Year’ award for its extraordinary achievements in 2020 in the UAE and East Africa. The HP global channel partner award recognises top-performing partners across all of its geographical regions for 2020. Mitsumi won two awards under the same category for UAE and East Africa market - for its outstanding performance, commitment to customer excellence, and expanding HP’s reach in those markets. “We are excited to win the 2020 ‘Computing Distributor of the Year’ award from HP, despite the increasingly
challenging business environment since the pandemic. The award further validates our position in the industry, our strong expertise and the exceptional value we offer our customers in the region. We would like to thank HP and all our customers for their continuous support.” said Mitsumi Management. Mitsumi is HP’s authorised distributor in the Middle East for HP Computing (PC/ Laptops) and HP Supplies and in Africa for HP Computing, HP Print and HP Supplies. Forayed into the distribution business since 2009, Mitsumi has expanded its portfolio to include leading tech brands.
Nozomi Networks Integrates with ServiceNow Nozomi Networks Inc., announces a technology integration with ServiceNow that helps manufacturers deliver next-gen operational efficiencies and resilience. “Smart manufacturing is a bottom-and-topline game changer, leveraging technology Chet Namboodri and data-driven SVP, BD & Alliances, workflows to boost Nozomi Networks efficiencies, gain greater resiliency and drive more value,” said Chet Namboodri, Nozomi Networks SVP, Business Development and Alliances. “At the same time, managing and securing
these environments complicates manufacturing operations. Nozomi Networks is pleased to team with ServiceNow to simplify and support a new generation of process operations with the real time asset visibility that manufacturers need to speed response, reduce risk and increase compliance.” “Digitalization is a top priority for manufacturers who want to build and protect resiliency and maintain a competitive edge in today’s global marketplace,” said Binoy Gosalia, Global Head of Industry Partnerships at ServiceNow. “Yet, too often information silos, manual processes, and a lack of visibility keep manufacturers from realizing the full benefits of their digital investments. Nozomi Networks integration with ServiceNow makes it possible to unlock all the benefits of digitization with a unified system of action that is informed by detailed, real time asset information.”
DIGITAL EXPOSURE VULNERABILITY – CYBERSECURITY
e have reached the digital-first business world, academic processes, healthcare systems, banking affairs, civil governance in many day-to-day transactions. More exposed means more vulnerable to being hacked. In this context, digital and cybersecurity are critical and one of the most important subjects. Due to the COVID-19 outbreak, organizations need to make a fundamental change in their approach to cybersecurity and reprioritize budgets to align with this newly defined reality. The increasing amount of largescale, well-publicized breaches suggests that not only the number of security breaches are going up — they’re increasing in severity as well. Data breaches expose sensitive information that often leaves exposed users at risk for identity theft, ruin companies’ reputations, and leaves the company liable for compliance violations. TP Sharafudheen Some of the most common attacks include phishing, whaling, social engineering, Distributed Denial of Service (DDoS) attacks, malware, and ransomware. Malware, or malicious software, is any piece of software that is written with the intent of harming data, devices, or people. Ransomware is a form of malicious software that threatens you with harm, usually by denying your access to your data. Once a user falls victim to the attack, their data is encrypted. The attacker then demands a ransom from the victim, with the promise to restore access to the data upon payment. Social engineering in cybersecurity is the psychological manipulation of people into performing actions or divulging confidential information. Victims of a social engineering attack can range from a corporate executive to an elementary school student. Even the most seasoned IT professional can be victimized by this type of attack. Phishing is a type of cyber-attack where threat actors randomly send emails to a broad audience in an attempt to trick people into providing sensitive information such as account credentials or sensitive information. 56% of IT decision-makers say targeted phishing attacks are their top security threat. Cybersecurity is an important issue for both IT departments and C-level executives. One effective way to educate employees on the importance of security
is a cybersecurity policy that explains each person's responsibilities for protecting IT systems and data. Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity part of their regular budget. The emerging need for Security Operations Center to safeguard cybersecurity: Typical SOC infrastructure includes firewalls, IPS/IDS, breach detection solutions, probes, and a security information and event management (SIEM) system. Technology should be in place to collect data via data flows, telemetry, packet capture, Syslog, and other methods so that data activity can be correlated and analyzed by SOC staff. The security operations center also monitors networks and endpoints for vulnerabilities to protect sensitive data and comply with industry or government regulations. Networks, servers, endpoints, databases, apps, websites, and other systems are monitored and analyzed by security operations centers, which check for unusual behavior that could indicate a security incident or compromise. Staff from the SOC collaborates closely with organizational incident response teams to ensure that security vulnerabilities are addressed as soon as they are discovered.
Cisco reveals collaboration, cloud, and security are IT's top challenges in UAE A
ccording to Cisco’s new Accelerating Digital Agility Research, CIOs and IT decision makers (ITDMs) across the UAE are looking to maximize investments in digitization after a difficult year which raised the profile of IT leaders in driving critical workplace innovation. "IT leaders are at the forefront of ensuring critical success for their organizations in 2021," said Shukri Eid, Managing Director, Cisco Gulf Region. "Even as questions remain and new challenges will surface, CIOs and IT decision makers in the UAE are telling us they need to accelerate digital agility for their teams, so they have the speed, flexibility and choice to consume services across both traditional and modern environments." KEY FINDINGS: To prepare for the future of work, teams need highly secure access to succeed as a hybrid workforce. While a majority (60%) of CIOs and ITDMs are unsure of what the future of work looks like, 86% believe that maintaining security, control, and governance across user devices, networks, clouds, and applications is essential. Most (87%) agree it is important to empower a distributed workforce with seamless access to applications and high-quality collaborative experiences. 86% believe it is important to secure remote work tools and protect customer or employee data in the distributed work environment. IT teams must create optimized end-user experiences to keep pace with IT environments that have become increasingly distributed, dynamic, and complex. Close to two thirds of the CIOs and ITDMs surveyed agree that user experience should focus on delight versus satisfaction.
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
Shukri Eid Managing Director, Cisco Gulf Region
The need for agility, speed, scalability and security is driving adoption of hybrid cloud environments and SASE solutions. Most CIOs and ITDMs (83%) agree it is important to offer freedom of choice when it comes to cloud environments – whether on premises, public cloud, private cloud or SaaS – 87% think offering a consistent operational model across these environments is essential. CIOs and ITDMs have adopted SASE solutions because they were investing in cloud applications that needed to be secured (63%), they like to stay up-to-date on industry best practices (57%) and/or their workforce is going to stay distributed (47%). Customers expect a cloud-consumption experience regardless of whether their solutions are deployed on-prem or in the cloud, leading to widespread adoption of “as a Service” solutions. Technology will be a driving factor in the facilitation of CIOs and ITDMs to tackle talent retention, internal corporate initiatives and broader societal issues in 2021. Most CIOs and ITDMs (89%) believe the ability to attract and retain talent in the all-digital world will be critical. Nearly half of those surveyed said they are upskilling current talent (40%) and investing in talent in new areas (42%) over the next 12 months. Most CIOs and ITDMs (93%) plan to tackle internal initiatives in 2021, including sustainability (50%), employee mental health (46%), privacy (53%), diversity and inclusion (49%). In addition, 91% will tackle external societal issues in 2021, including digital divide (38%), healthcare (42%), climate change (32%), social justice (37%), human rights (35%), misinformation or “fake news” (30%), poverty, hunger and homelessness (30%).
THE TOP 5 SMB VULNERABILITIES Cyberattacks can cause several different types of losses to your business. Loss of access to vital customer information or critical financial data can be detrimental. Brand reputation can be impacted if customers lose faith. Security risks and breaches have always been a focus for small and medium-sized enterprises, but as we know from the Cyberthreats Report by Acronis, the intensity is increasing exponentially. However, many small- and mid-sized business owners say they lack the time or resources to tackle cybersecurity issues effectively. “Knowledge is power,” as the adage says. Knowing where your business is vulnerable to a cybercriminal’s endeavors is the first step to cyber protection and mitigating risk. In an infographic, we recap the top 5 SMB vulnerabilities. • Unpatched software applications • Unprotected networks and servers • Weak passwords • Unprotected emails • Lack of security awareness training Cyber protection brands like Acronis are always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyber threats. Last year cyberattacks rose by 400%. According to a 2021 report, 75% of personal IT users and 50% of IT professionals lost data last year —
and priorities when it comes to technology are uniquely their own. Ultimately, achieving stronger password security or stronger security, in general, depends on users taking a new approach to their cyber protection which requires integrating cybersecurity, data protection, and protection management into a single platform.
IMPORTANCE OF A CYBER PROTECTION AWARENESS TRAINING PROGRAM
Muhammad Khaled Senior Solution Engineer, Acronis, Middle East exposing the personal information of themselves, their businesses, and their clients to cybercriminals. At the same time, the vast majority of individuals and IT professionals reported that their passwords were strong and reliable and that they had protections in place to defend their data. The survey which was also conducted locally with 200 respondents from the UAE (a mix of IT Managers and end-users) revealed some interesting insights: • 36% said that the biggest IT challenge their organization has faced during and following the shift to remote work was securing data of their employees remotely • 45% said that their organization experienced data loss which resulted in business downtime. Everyone in the world relies on data – from students attending classes on Zoom to MSPs managing the IT needs of dozens of different companies. But their experiences, concerns,
If you have a risk management function in your organization, be it legal, IT, security, or compliance, consider implementing a cybersecurity awareness training program. A typical component of this is the regular distribution of harmless phishing emails to employees. Anyone who clicks on them receives follow-up emails showing missed phishing alerts and reminding them to be more vigilant. Other bulletin boards in the program include updates on the company's IT security and compliance policies, tips on safer online browsing behaviors, and more. These can be of value to everyone, as almost everyone needs an occasional reminder of the dos and don'ts of basic security. Finally, consider upgrading your traditional backup regimen to cyber protection - a combination of data protection and cybersecurity with anti-malware. This will provide you with a safety net against the most destructive and widespread types of malware that commonly use phishing as an attack vector, especially ransomware. If someone in your organization falls for a phishing scam, coronavirus-themed or not, these defensive measures can save you from days or weeks of costly data loss and downtime that threatens your business.
CLOUD-BASED THREATS COST FINANCIAL FIRMS AN ESTIMATED $4.2 MILLION Infoblox unveils new research into how the COVID-19 shutdowns challenged the financial services industry's core infrastructure. More than one year into the pandemic, banks, insurers, and other financial institutions report costly consequences to falling short of protecting their massive data troves from cloud-based attacks and network disruptions. Based on more than 800 responses from IT professionals working in the financial services industry in North America, Latin America, Europe and the Asia/Pacific region, the survey highlights: • Data breaches are an increasingly significant cost burden for the industry: Worldwide, financial firms that experienced a data breach reported estimated average losses of roughly $4.2 million per attack, with U.S. organizations hit hardest at $4.7 million in estimated losses. • Network outages also result in costly burdens: Institutions lose an estimated $3.2 million on average with Asia-Pacific followed by European institutions carrying the heaviest losses at $4.3 million and $3.1 million respectively. • The industry remains a popular target for cloud-based attacks: Over half of all organizations (54%) surveyed suffered a data breach in the last 12 months with 49% were plagued by a cloud malware attack as well. • Cloud and network-based attacks will continue to be a major threat vector: More than 50% of respondents expect
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
Anthony James VP, Product Marketing, Infoblox
to face a combination of IoT attacks, cloud vulnerabilities including misconfigurations, and data manipulation attempts over the next 12 months. • Threat resolution teams are embracing network visibility for security hygiene: Globally, network monitoring (76%), threat intelligence (64%), and threat hunting (57%) are considered the most effective mitigation tactics against these threats. “The financial services sector has long been a target for bad actors who are following the cyber money trail into the cloud,” said Anthony James, VP of Product Marketing at Infoblox. “As the pandemic pushed IT infrastructures to rely on remote work, cloud-based technologies that enabled digital transformation also created soft spots for cybercriminals to exploit." “This report shows us that cloud compromise has become the biggest cybersecurity issue for financial institutions and the investments they are making to protect themselves,” James continued. “Notably, respondents are starting to use DNS to catch network threats before they move upstream. This is reflected in the customer uplift we're seeing for our BloxOne Threat Defense platform, which uses DNS to extend security to cloudfirst infrastructure and accelerates threat resolution by orchestrating detection and remediation tools from the existing security stack.”
NEXT-GEN AI SUPERCOMPUTING INFRASTRUCTURE WITH ADVANCED INTEGRATION
dvanced Integration, an AI solution provider has the leadership of deploying the best scalable infrastructure for AI of the market, the NVIDIA DGX SuperPOD™ and POD with NVIDIA DGX™ A100. The DGX SuperPOD delivers groundbreaking performance, deploys in weeks as a fully integrated system, and is designed to solve the world's most challenging computational AI algorithms. This design introduces compute building blocks called scalable units (SU) allowing for the modular deployment of a full 140-node DGX SuperPOD, which can further scale to hundreds of nodes. From a platform point of view, NVIDIA Base Command enables teams to access, share, and operate DGX SuperPOD infrastructure securely. Developers and data scientists can also provision and schedule workloads on DGX infrastructure. Base Command also provides inbuilt telemetry for users to validate deep learning techniques, workload settings and resource allocations deep learning techniques, workload settings and resource allocations. The new Multi-Instance GPU (MIG) feature allows GPUs based on the NVIDIA Ampere architecture (such as NVIDIA A100) to be securely partitioned into up to seven separate GPU Instances for CUDA applications, providing multiple users with separate GPU resources for optimal GPU utilization. This feature is particularly beneficial for workloads that do not fully saturate the GPU’s compute capacity and therefore users may want to run different workloads in parallel to maximize utilization. With MIG, users will be able to see and schedule jobs on their new virtual GPU Instances as if they were physical GPUs. MIG works with Linux operating systems, supports containers using Docker Engine, with support for Kubernetes and virtual machines using hypervisors such as Red Hat Virtualization and VMware vSphere. Also DGXa100 has the NGC, NGC offers a comprehensive catalog of GPU-
accelerated software for deep learning, machine learning, and HPC. NGC containers deliver powerful and easy-todeploy software proven to deliver the fastest results. By taking care of the plumbing, NGC enables users to focus on building lean models, producing optimal solutions and gathering faster insights. To ensure the high speed communication among the DGXsA100 in the POD/SuprePOD, NVIDIA uses its sister company Mellanox. Advanced integration offers deployment of all kinds of Mellanox ethernet/ InfiniBand switching solutions and family of cables and transceivers provides the industry’s most complete line of 10, 25, 40, 50, 100, 200, and 400GbE in Ethernet and EDR, HDR, and NDR in InfiniBand as well as DPUs. NVIDIA transforms data centers with storage and compute solutions that are optimized for AI and deep learning workloads. Backed by deep AI expertise in both storage and computing, advanced integration infrastructure solution powered by NVIDIA DGX™ systems delivers a validated, preconfigured solution that enables high performance at scale, making it faster and easier for every organization. Along with powerful computing and networking offered by NVIDIA, Advanced integration offers a portfolio of NVIDIA DGX reference architecture solutions that incorporate the best of NVIDIA DGX POD. Delivered as fully integrated, ready-to-deploy, as well provides a complete storage solution needed to complete the full AI platform. Advanced integration has the partnership with the most premium storage solution providers such as DDN, PNY and NetApp. Advanced integration accompanies its customers on their AI journey, from the exploration phase where the customer is defining the AI Project, structuring its data set and building the best model to meet its goals.
72% OF UAE CISOs FEEL UNPREPARED TO COPE WITH A CYBER ATTACK
Ryan Kalember Executive Vice President, Cybersecurity Strategy, Proofpoint Proofpoint’s 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. The survey explores three key areas: the threat risk and types of cyber-attacks CISOs combat daily, the levels of employee and organizational preparedness to face them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices. It also covers the challenges CISOs face in their roles, position amongst the C-suite, and business expectations of their teams. “Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight,” commented Lucia Milica, global resident CISO at Proofpoint. “With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. Now, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.” Key findings from the UAE include: • CISOs are on high alert across a
range of threats: faced with a relentless attack landscape, 68% of surveyed CISOs in the UAE feel at risk of suffering a material cyber attack in the next 12 months. When asked about the types of attacks they expect to face, insider threats (29%), phishing (28%) and Business Email Compromise (25%) topped the list. Supply chain attacks and ransomware were of similar concern with 22%. Cloud Account Compromise was bottom of the list with 15%. • Organizational cyber preparedness is still a major concern: 72% of CISOs in the UAE feel their organization is unprepared to cope with a targeted cyberattack in 2021. Cyber risk is also on the rise: 71% of CISOs in the region are more concerned about the repercussions of a cyberattack in 2021 than they were in 2020. • User awareness doesn’t always lead to behavioral change: 70% of CISOs in the UAE consider human error to be their organization's biggest cyber vulnerability. • Long term hybrid work environments present a new challenge for CISOs: 66% of CISOs in the UAE agree that remote working has made their organization more vulnerable to targeted cyberattacks, with 76% revealing they had seen an increase in targeted attacks in the last 12 months.. • High risk, high reward likely to be a common cyber theme over the next two years: 70% of CISOs in the UAE believe that cybercrime will become even more profitable for attackers, while 64% believe that it will become riskier for cybercriminals. • CISOs will adapt their cybersecurity strategy to stay ahead: The majority of global CISOs expect their cybersecurity budget to increase by 11% or more over the next two years, and 77% of CISOs in the UAE believe they will
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
Lucia Milica's Global Resident CISO, Proofpoint
be able to better resist and recover from cyberattacks by 2023. Top three priorities across the board for UAE CISOs over the next two years are: addressing supplier risk (29%), supporting remote working (28%), as well as enabling business innovation (28%). • 2020 elevated the CISO role, as well as the expectations from the business: 67% of UAE CISOs agree that expectations on their function are excessive. The perceived lack of support from the boardroom persists with only 31% of UAE CISOs strongly agreeing that their board see eye-to-eye with them on issues of cybersecurity. “With businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cybersecurity defenses has never been more pressing,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint. “The findings from our report emphasize that CISOs need the tools to mitigate risk and develop a strategy that takes a people-centric approach to cybersecurity protection.”
In the past, an employee’s ability to access resources and work securely has been driven by a simple question: Are you at work? There are many issues associated with a security architecture that presumes trust based on physical location. On the network, you get access to internal applications. But what if you aren’t an employee? What if your device is compromised? What if you shouldn’t have access to all of these applications? Because of the security implications associated with an architecture based on these questions, the concept of Zero Trust was invented more than a decade ago. But few embraced it. Now, we are at a digital inflection point: The abrupt shift to remote work is evolving toward a permanently hybrid workforce and the applications powering business outcomes are increasingly in the cloud. Organizations must move beyond the mindset of using implied trust in access and security. A Zero Trust approach removes implied trust everywhere to provide a better security posture. For every connection from any user to any application, the Zero Trust promise is to verify who the user is, the type and state of the device they are using, and the application they are accessing, to decide whether it is safe or not. And do this regardless of where the user or the app is located. From a user’s perspective, this means consistent, easy, and safe access to all applications you need. This can happen today. This is how you can achieve it: • Verify all users, devices and applications: Always verify the identity of the user, the integrity of the host they are using and the application they seek to access, irrespective of where the user, device or application may be. • Apply context-based access:
IT’S TIME FOR ZERO TRUST Lee Klarich, Chief Product Officer, Palo Alto Networks
Every access policy decision should consider user, device and application context, ensuring consistent security and user experience. • Secure all content: Continuously inspect all content to verify that it is legitimate, safe and secure, and examine all data transactions to prevent enterprise data loss. • Continuously monitor and analyze all security infrastructure: Continuously monitor all connections and content for signs of anomalous or malicious activity to help uncover gaps in your implementation, and use this data to continuously analyze and fine-tune your policies to improve the security of the system. These are the core building blocks of a Zero Trust architecture. How We Can Help We were made for this. Our products are engineered from the ground up to continuously and reliably identify all users, devices, and applications – no matter where they are – allowing you to consistently apply contextbased policies across your entire organization. We developed features like User-ID, App-ID, Device-ID and policy-based authentication, and
our latest release takes this to a new level. Our security engines comprehensively secure all content across all applications – not just what’s bound for the internet – to keep your users, devices, apps and data safe. These security services are truly integrated and core to how we secure all enterprise environments, battle-tested over years of real-world use. Aided by intelligent, context-rich data and visibility into all activity, you can enable your business, improve your security posture and empower your SOC to rapidly identify and eliminate malicious activity. As users embrace a hybrid workplace, Palo Alto Networks is uniquely positioned to deliver on the promise of Zero Trust. For your workforce that will spend all or part of their time being remote and a part of their time at the workplace, you can optimize the user experience by leveraging consistent capabilities across our cloud-native service, hardware and software form factors. We’re incredibly excited about these new innovations, and we are eager to partner with you on your cybersecurity journey.
PNY PUSHES STORAGE EVOLUTION WITH NEW BLISTERINGLY FAST, LOW-COST FLASH ARRAYS FOR NVDIA GPU SERVERS
PNY Technologies, has launched a new range of AI storage appliances, redeveloped to deliver unseen price to performance ratios to suit the emerged A.I. market which is seeing increasing numbers of smaller clusters of GPU servers. The NVIDIA DGX A100 supercomputer has provided organisations and research institutions with a new capability, and as these projects have grown, so have the number of smaller clusters of NVIDIA DGX’s, which in turn places even more demand on the storage system. While many storage vendors have raced to develop solutions for multi petabyte super-pods, PNY has focused on a solution for the average customer. Engaging with a Software Defined Storage team to develop a PNY bespoke solution focused purely on NVIDIA key features, such as HDR/200Gbe and GPUDirect, yet starting at 30TB. The solutions are designed to be affordable for new projects, while still delivering full HDR/200Gbe performance. The 1U is expandable to 150TB and the 2U 360TB, with optional 1U / 2U expansion boxes should projects scale. The 1U has been aimed at the growing POD / Edge market where ultra-fast storage is required for inferencing, but cost and space are critical. “Project funds are best spent on GPUs, it is these GPUs which provide the user value and ROI. Yet, we need to ensure that the storage can keep the GPUs active and offer the quality to sustain such high levels of performance. Our generation 1 solution provided this, but with NVMe-oF as the connectivity, it was mostly restricted to single servers. As projects grew, even if only two servers, they needed more storage power and the ability to share data. This was the challenge and took considerable focus, investment and time, but the results we believe will change what a default A.I. POD solution looks like. If you are starting an A.I. project and need to factor in storage while ensuring your funds are mostly spent on GPU, this provides a simple, plug-n-play appliance solution” said Laurent Chapoulaud, Director Marketing Professional Solutions for PNY EMEAI.
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
The solution is currently unique to PNY and although their primary focus is price, performance and ease of use, recognising the growing challenges faced by isolated and edge-based solutions, additional features are being developed to help unify the complete PNY POD, for example, full NVIDIA monitoring; not only will the PNY storage monitor itself, but it will also monitor the NVIDIA DGX and Mellanox switch creating a single unified support path for solution partners to provide full remote monitoring. “PNY aims to provide partners with all the elements needed to create a full solution, adding unified PNY POD remote monitoring options is just an extension of PNY’s commitment to helping resellers deliver solutions”. To help tune the solution, PNY worked with Mark Klarzynski, a longstanding storage expert and a pioneer of the Software Defined Storage movement and the All Flash Array concept. “Clearly the focus on performance has paid off. In our tests, even an entry level 1U solution outperformed an enterprise class all flash array. In storage, we have many test methods to provide great benchmark results, commonly we will use multiple servers to drive the storage faster and achieve good-looking and marketable performance figures. However, with the PNY solutions, a single NVIDIA A100 server could easily saturate the HDR/200Gbe link. Put simply, it outperformed most leading vendors at a fraction of the cost, without even trying hard” commented Mark Klarzynski. “Running real-life deep learning tests, we simply could not throw enough hardware at it, we had three DGX servers fully maxed out and the storage looking like it was hardly trying. The new design has made good use of the NVIDIA Mellanox RDMA strengths, building a new storage stack to take full advantage of its ultra-low latency and high bandwidth. But, ultimately, I was most impressed with its ease, we simply plugged it in and within minutes we were up and flying” added Mark Klarzynski.
FINESSE AT FOREFRONT IN SUPPORTING ORGANIZATIONS IN BUSINESS CONTINUITY seen more success, given the everexpanding digital attack surface with security flaws. To cope with this, Finesse now has a dedicated cybersecurity practice – which caters to infrastructure and cloud security, application security assistance, security intelligence & analytics, digital identity, and data protection and privacy.
Sunil Paul Co-Founder & MD, Finesse Global How has Finesse supported organizations in business continuity since the pandemic has begun? The world has seen a surge in digital transformation investments ever since the pandemic began. Finesse Global has had to support its client base by quickly and effectively adapting to new workforce model paradigms forced by the pandemic - thus ensuring business continuity. This has been underlined by Finesse developing ‘ready to roll-out’ frameworks in areas covering AI chatbots, BI & Analytics, Intelligent Process Automation (IPA), Robotic Process Automation (RPA), solutions around customer-relationship management (CRM) Customer Engagement Management (CEM) tools and Treasury Management. Additionally, it has been noticed that as organizations moved more towards digitalizing their businesses in 2020, cybercriminals have also
Digital Transformation is changing the way businesses run. How is Finesse capitalizing on the opportunities and transforming companies? Finesse was incorporated in 2010 with a mission to revolutionize IT infrastructure through superior systems integration capabilities while simultaneously empowering customers to digitally transform business processes. A decade later, Finesse is at the forefront in supporting clients to reach successful outcomes by helping them adopt state-of-the-art technologies through effective and efficient solutions. Finesse continues to invest its workforce in novel areas such as AI chatbots, IPA, RPA, BI & Analytics, Blockchain, and also continues upgrading approaches in Customer Relationship Management (CRM) and Customer Engagement Management (CEM). Investments in Cybersecurity have been exponential in the last couple of years, what role do you play in implementation of cybersecurity solutions for customers? Finesse helps its clients focus on their core business by providing end-toend managed cybersecurity solutions for their technology environment & non-core business processes. Finesse employs Security Orchestration,
Eljo Pynadath Director & Chief Business Officer, Finesse Global Automation and Response (SOAR) within the organization’s security toolset that will help security teams manage and respond to threats across multi-cloud environments at almost instantaneous speeds. Finesse also complements this wide portfolio with a dedicated cybersecurity practice, which covers Infrastructure & Cloud Security, Application security assurance, Security intelligence & analytics, Digital Identity, Data protection & Privacy together with Managed Security Services supported by our 24X7 SOC; thus enabling our customers to be secure and safeguarded from cyberattacks. Finesse has also established a dedicated cybersecurity practice, which covers infrastructure & cloud security, digital identity, data protection & privacy. We are committed to providing a ‘Zero-Trust modeled’ security to organizations to be prepared to tackle cyber threats at any time and anywhere.
INTERVIEW WITH CAROL ANNE DIAS FROM AOC AOC retained the #1 spot in the competitive gaming monitor industry this year as well. What distinguishes AOC from the competition? At AOC, we've always been on a quest to improve the visual quality of our products for users, which has resulted in our displays being ranked first in the globe. We are committed to offering consumers the best gaming monitors that will provide them with an excellent way to play their games and a genuinely world-class visual experience. The No 1 spot does indicate that you are quite known within the consumer segment. What solutions do you have for corporates and business set-ups? TPV Technology carries the whole line of AOC and Philips monitors to fulfill the demands of our customers at all levels. We have every specification that is required, whether it is for gaming, go green, touch, privacy, or wide screens for professionals and businesses. Philips Monitors provide a wide range of creative solutions to satisfy the needs of today's dynamic, multifaceted professionals, including solutions to increase productivity, give true-to-life visuals, improve well-being, and preserve the environment. Our award-winning 499P9H 32:9 SuperWide display is the equivalent of two full-size high-performance monitors in one. It combines the performance and convenience you expect with productivity-enhancing features like USB-C and a pop-up webcam with Windows Hello. AOC Monitors for Professionals 24V2Q won the Consumer Choice Award for the Slim profile with Full HD IPS model. It gives the business professionals an enhanced experience with a dynamic design. Researchers predict that the global display market will hit a whopping figure of $206.29 billion by 2025. In light of this, what biggest technology trends you foresee in the display industry in the coming years? When it comes to the future of the workplace, there are a number of things that will influence how we work. When it comes to technology, the display is one of the most crucial. The way we view and engage in our daily chores is influenced by the visual aspect of our computer setup. It improves communication, enables us to visualize our effort, and lets us see the outcomes. Trends such as huge display formats, slim borders, borderless, curved, 4k resolutions, and touch screens have already appeared.
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
Carol Anne Dias Regional Sales Director, MEA, AOC
• Display panels will incorporate trends like Visual/ Augmented Reality in the coming years, allowing users to view, move around, and interact with 3D displays. • 8K displays, which will allow larger screens without pixelation. • Transparent displays / flexible / foldable: ideal for meeting and conference rooms. • Eye Tracking: Like mobile phones, displays will have an eye-tracking feature for security. • Artificial Intelligence will be incorporated into display screens, which will allow consumers to automatically be informed on suggestions. Are there any new collaborations or product launches in the pipeline for AOC? We're enhancing our partnerships with major corporations such as Porsche Design, Bowers and Wilkins Audi, Xbox, Blizzard, and Riot Games, to mention a few. Professional interactive large displays & signage in AOC will be launching within this market in the coming future. Could you have an overview of AOC's Middle East expansion plans for our readers? Offering a range that will fulfill all requirements from B2B clients, gamers, schools, and corporates will be our primary focus in expanding breadth and categories for our customers. We'll use this to expand our own stocking and warehousing hub in the Middle East. This will enable us to work on SKD projects throughout the Middle East.
THREE DATA SCIENCE TRENDS WE’LL SEE MORE OF IN 2021 TEAMS WILL NEED TO INFUSE AGILITY AMIDST A POST-PANDEMIC ENVIRONMENT According to Gartner, the theme of resilient delivery “isn’t about ‘bouncing back’ — it’s about having the ability to nimbly adapt or pivot in a dynamic business or IT environment. The theme’s underlying assumption is that volatility exists, so it’s vital to have the skills, capabilities, techniques, operational processes and systems to constantly adapt to changing patterns.” In 2021, the use of AI for sustained resilience will be underscored, particularly with regard to empowering every team and employee to work with data to improve their business output. These challenges we observed in 2020 will remain in 2021 for teams that don’t have a collaborative data science platform:
Sid Bhatia Regional Vice President - Middle East & Turkey, Dataiku
In 2020, data science, machine learning, and AI emerged as critical organizational assets for handling large-scale change with less friction. As we steamroll through 2021, here are some of the data science trends to look out for to ensure your organization is taking a holistic approach to its data initiatives:
MLOPS WILL BECOME EVEN MORE CRITICAL In 2021, organizations will take their MLOps foundations and go a step further to implement detailed processes and requirements around drift monitoring using MLOps. Input drift is based on the principle that a model is only going to predict accurately if the data it was trained on is an accurate reflection of the real world. If a comparison of recent requests to a deployed model against the training data shows distinct differences, there is a high likelihood that the model performance is compromised. In 2020, the significant drift observed was a result of the global health crisis. As a result, the new year is bound to include organizations using MLOps to put more structure in place around drift monitoring so that models can be more agile and accurate. And organizations won’t stop there.
• Access to systems: Whether accessing the various data sources or the computational capabilities, doing so in a remote setting can be challenging. • Collaboration within teams: Without the physical in-office proximity, individuals can become siloed in the execution of their data projects. • Collaboration across teams: Data projects require buy-in and validation from business teams and also require data engineering and other teams to help with operationalization. • Reuse over time: Capitalizing on past projects is key to maintaining productivity and reducing duplicate work. The lack of in-person discussions can limit this ability. Organizations Will Go From “What Is Responsible AI?” to “How Can We Implement Responsible AI?” Up until now, a lot of the conversations around the topic of Responsible AI have been “We haven’t thought about this yet” or “How can we think about it and acknowledge the harms and impacts that AI can have on the world?” Teams might be determining how Responsible AI differs across job functions agreeing on and establishing a framework for their organization’s ethical rules, and putting checklists into place for Responsible AI across the AI pipeline. In 2021, we believe we’ll see more organizations put this research and work into practice. There’s no longer a need to convince people that this is the way to go, as they’ve already gotten there. Now, it’s going to be a matter of bringing organizations the expertise to implement the ethical use of AI. Embracing these AI trends will not only accelerate organizations’ post-COVID recovery, but the adoption of enterprise-wide AI as well.
or businesses across the UAE, and the globe for that matter, one of the realities of the new world we live in is the hybrid workforce. According to a recent study from Aetna International, two thirds of UAE employees want to return to the office, with the balance preferring to work from home, once the crisis has abated. Against this backdrop, companies must ensure that all employees are connected to their company network at any time and from anywhere, whilst doing so securely.
THE CASE FOR XDR Many existing endpoint protection (EPP) tools are simply not equipped to manage today’s threat landscape. If threats emerged as single, isolated attacks on a single company device, then organisations would have defences in place to mitigate the attacks. Unfortunately, attacks are not being carried out in this manner. They are coordinated across user identities, devices and endpoints. As such, organisations need solutions that can roll with the punches -- enable real-time response --, and better yet anticipate -- in order to prevent -- the adversary’s next move. In the world of cyber defence, the key question is can we respond to an attack with accuracy. Unfortunately, technologies that send alerts when a suspicious activity is detected put the onerous task of determining the full, and correct response on the operator. A partial and incomplete handling of these activities may slow down the cybercriminal’s efforts but may not halt the attack as a whole. Organisations need a new approach to threat detection and response.
THE FUTURE OF THREAT DETECTION AND RESPONSE By Yonatan Striem-Amit, Chief Technology Officer and Co-Founder at Cybereason
CHOOSING THE RIGHT XDR SOLUTION There are three key elements to consider before committing to one. Firstly, check that the technology can help you find the threats that are relevant to your business. A foundational step in security is knowing your attack surface: what does your network look like to an attacker, and what needs to be protected. An adept XDR solution should connect across your remote workforce, SaaS, IaaS, and even critical on-premises infrastructure to protect your enterprise network. Next, you will want to test if the solution can speed up your threat detection and response capabilities. The best solutions are operation-centric, which means instead of an alert on a single event, you’re presented with a highly correlated, intuitive view of the malicious operation. The technology should support machine readable threat intelligence, such as Indicators of Compromise, or metadata associated with known-bad activity. In other words, evidence of the tools and artifacts of a breach. More importantly, however, is the identification of Indicators of Behaviour (IOBs), or the actual actions and behaviours that take place. This might include a change of privilege or an application that instigates a process, perhaps an injection from one process to another. Hackers increasingly execute attacks with new and unique code tailored to an individual target environment. Therefore, there may not be any old indicators to suggest a compromise, offering an inaccurate assessment of your security posture. Finally, an evaluation of the
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
technology’s response to threats should be made. As soon as an attack is identified and understood from a macro-level, the ideal XDR solution should automatically deploy remediation actions; or at least, it should have the ability to guide you through the best response. With a strong XDR solution, we, the defenders, can regain the upper hand with the ability to detect, correlate and stop attacks in real-time, even across complex, ever-evolving enterprise environments. Unlike SIEM or log management tools, XDR promises an experience focused on security value -- better detection, easier investigation, faster response. In order to defeat an adversary that can weave between data silos and understands detection alerts, it requires an operation-centric approach. Implementing an XDR solution means faster detection, which means faster remediation, thereby ending attacks before they become breach events.
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
EMBRACING AN IDENTITY-CENTRIC APPROACH TO IT SECURITY Toni El Inati RVP Sales, META & CEE, Barracuda Networks
The traditional approach to IT security used by many organisations can be likened to building a castle surrounded by a moat. Core resources are housed in an on premise datacentre and protected from outside threats by firewalls and other security tools. Now, in 2021, this approach is rapidly changing. Rather than relying on building and maintaining a secure perimeter around resources, increasing numbers of organisations are embracing a strategy based on identity. This becomes especially important as Middle East businesses increase utilisation of cloud solutions. The COVID pandemic has sparked a surge of interest in cloudbased technologies and applications. Often dubbed a ‘zero trust’ approach, the identifybased strategy follows the logic that people, devices, and applications must prove their identity before being allowed to access resources. It is only once this identity has been confirmed that they are granted the access they desire. The concept of secure identity is gaining traction in other areas as well. From online shopping and interacting with governments to secure digital health records, identity is quickly becoming a key component.
them and grant access is critical. For these reasons, organisations are shifting their security spending towards identity-based and zero trust solutions. They understand it is the only effective way to maintain security of core corporate digital assets while also making them available to those who need them.
MANAGING IDENTITY Organisations need to decide whether they will be providing digital identity credentials to all authorised users or rely on credentials provided by a trusted third party. Such third parties could be anything from a bank to a government department or a telecoms company where a customer has already proven their identity. Organisations also need to have in place the ability to identify the devices through which users are asking for access. The third element that needs to be in place is the ability to manage the access rights of each identity. Mechanisms are needed that ensure people are only able to reach resources that they specifically need to complete their work tasks. .
AI AND AUTOMATION
Identity-based security is particularly important in the post-COVID world. With large numbers of staff expected to work from home, the concept of having a secure perimeter simply no longer makes sense.
When building a robust and effective identity-based security infrastructure, there is also a role for AI and automation tools. By putting them to work across the organisation, they can monitor user behaviour and flag anything that looks suspicious.
The growing number of connected devices in use is also driving demand for an identity-based approach to security. With everything from IP-enabled cameras and sensors to connected machinery and cars needing access to centralised systems, being able to accurately identify
It’s clear that the old perimeter-based approach to IT security is over. New approaches based on identity are quickly filling the gap and will soon become the standard for most organisations. The result will be better flexibility, access, and security for all.
A ZERO TRUST MODEL FOR SECURE REMOTE ACCESS Our home networks are now serving entertainment, school and work. There are plenty of operational tasks now being performed from home that require privileged access. This runs the gamut from managing the organization’s social media accounts to administering servers, databases, applications, and SaaS solutions. Now, as a security best practice, native remote access protocols should be disabled for corporateissued computing device(s). Unfortunately, in many environments, particularly for remote workers, this security control has not been implemented. The rationale behind enabling protocols like RDP, SSH, and VNC has been a source of contention between information technology and information security teams. Zero trust architecture can accommodate almost any environment and allow for remote sessions using proprietary access technologies. Together, zero trust and secure remote access can solve remote worker and remote session challenges and even strengthen your security posture for on-site and traveling workers. Here are the key areas you should pay careful attention to when implementing this model.
Karl Lankford Regional Vice President, Solutions Engineering, BeyondTrust
Any zero trust implementation requires a layered or wrapper approach to enable legacy systems. However, a pure zero trust approach entails enveloping all resources — regardless of their location — with these concepts. You can, however, log remote session activity, record interactive screen sessions, and monitor events to look for potentially malicious behavior. This is a partial implementation of zero trust with secure remote access.
PEER-TO-PEER TECHNOLOGIES TECHNICAL DEBT If your organization develops its own software for consumption, and the applications are more than a few years old, you have technical debt. Redesigning, recoding, and redeploying internal applications can be costly and potentially disruptive. There needs to be a serious business need to undertake these types of initiatives. Adding security controls to existing applications to make them zero trust-aware is not always feasible. It is likely that your existing applications have no facilities to accommodate the connection models in the specification and are not coded to operate in a perimeterless model as specified by NIST. Therefore, depending on the architecture of your custom application, consider using zero trust and secure remote access as the mechanism for remote worker connectivity.
LEGACY SYSTEMS Legacy applications, infrastructure, and operating systems are most certainly not zero trust-aware. They have no concept of a remote worker and rely on direct network connectivity to operate them.
Starting in 2015, Windows 10 enabled a peer-to-peer technology to share Windows Updates among peer systems to save Internet bandwidth. While some organizations turn this off, others are not even aware it exists. If remote access sessions require protocols like ZigBee or other mesh network technology for IoT, you will find that they operate completely counter to zero trust. They require peer-to-peer communications to operate, and the trust model is based strictly on keys or passwords, with no dynamic models for authentication or modifications. Therefore, if you decide to embrace zero trust and secure remote access, consider hardening your endpoint security model to not allow any inappropriate network communications on the same subnet as the source or destination.
CLOSING THOUGHTS A Secure Remote Access solution using a zero-trust architecture can ensure resources are managed from potential inappropriate connection abuse and that all applications are executed within a zero trust model. This means no end users are ever trusted for a remote session unless the confidence for execution can be measured. This is true for any location an asset may reside, irrespective of the perimeter.
CLOUD APP ECOSYSTEMS WILL BECOME THE NEW CYBER-BATTLEFIELD
y now we know that recent circumstances have driven mass migration to the cloud. By Statista's estimate, the MENA cloud application market showed CAGR of around 27% between 2016 and 2020, soaring from US$ 239 million to US$ 620 million. Such trends should convince us that the cloud future we always envisaged is arriving ahead of schedule. Are we ready for it?
A NEW GEOGRAPHY The advantages of SaaS are widely known. Across the Gulf and beyond, SaaS platforms allowed turnkey adoption of new operational models, such as remote working, distance learning and rapid ramp-up of online business. But the user ecosystem has also undergone a sea change. The altered geography of the corporate network has exposed software suites to new threats. That means business stakeholders and their security representatives must look to the SaaS infrastructure with fresh, open eyes. How can it be protected from bad actors invigorated by a dizzying expansion in their opportunity landscape? Security teams tend to prioritize protection and monitoring for hosts and networks, neglecting the data access that is continually initiated by apps. Much of the concerns that swept the region and led to big-player entry in the cloud services market centered on compliance. With that in mind, it is worth observing that regulators will audit SaaS applications and raise red flags when finding their security wanting. Threat hunters would therefore be richly served by automated solutions that detect weaknesses and advise action in
line with industry standards such as PCI-DSS and NIST. What is needed is a single point of control for IT and security teams, with 360-degree visibility of environments, as well as granular control over data access by all SaaS apps and their users.
LOW-HANGING FRUIT We call this approach Software-as-aService detection and response. It will be vital to the region’s ongoing digital transformation because bad actors are notorious for targeting low-hanging fruit. The best way to shore up gaps in defenses. Good SaaSDR does not rely on the APIs of individual apps to gather information. Instead, it uses the cloud platform itself to gather broader views and develop unified visibility on apps, data, endpoints, and users. Consider the power of being able to inventory users and their roles. Every group membership and access privilege will be on display. Access strategies can then be formulated on a needto-have basis. Security teams will be able to tell at a glance the difference between partners, customers, and remote employees. Also on display will be every application vulnerability. Endpoints and their security integrity will be available in real time. Think of all of this as a view of the infrastructure from an attacker’s perspective — a vulnerability profile. Where the attacker would strike first becomes a security team’s primary point of triage.
THE HOLISTIC ARGUMENT Cloud Access Security Brokers (CASBs) and siloed SaaS security solutions fail to deliver much control outside of basic user and access management. The understanding of weaknesses within individual SaaS apps is vital to build up a vulnerability profile and match
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
Hadi Jaafarawi Managing Director – ME, Qualys
it to an appropriate threat posture. Once policies have been established, the ideal SaaSDR system will police them, informing stakeholders when misconfigurations occur. The siloed-to-holistic migration argument is an old one. But it becomes more axiomatic daily as we move into wildly hybridized ecosystems. One view of the corporate domain is no longer a luxury. The single-dashboard SaaSDR saves time and resources while enhancing the ability to head attacks off at the pass. Middle East innovators have enough to contend with. Right now, they are figuring out how to rise anew from the all-too-familiar malaise of a battered economy. They do not have time to continually take a lighter to digital leeches. A bird’s-eye view of their digital estate and the hostile woods beyond is exactly what they need. And that is what SaaSDR provides.
CYBER SECURITY 2021:
TRENDS AND TIPS IN VIDEO TECHNOLOGY The technological landscape has changed dramatically over the last few years especially post pandemic and that has impacted every industry cyber security included. Emerging technologies, news innovations and trends are impacting digital security. As a result of 5G increasing the bandwidth of connected devices, more and more smart devices will be added to the internet, referred to as the Internet of Things (IoT). In terms of network speed, UAE is particularly well prepared to take advantage of IoT. Global SpeedTest field research shows the UAE 5G network speed of 959.39Mbps is the fastest in the world ahead of Saudi Arabia and Norway. Given, the sheer volume of threats and cyber-attacks, the need of the hour is to act not just swiftly but with precision. THE DIGITAL SECURITY TRENDS The cyber security market in the Middle East & Africa was valued at USD 1903.59 million in 2020, and it is expected to reach USD 2,893.4 million by 2026 and register a CAGR of 7.92% during the forecast period of 2021-2026. During the pandemic, businesses have been forced to move their operations online. Some estimate that the overall digital transformation was sped up by two years in the first two months of the global lockdown. Many changes are here for the long haul and with so many activities having moved online, there is a greater risk of breaches. According to the UAE Government Cyber Security, the UAE saw a 250% increase in cyberattacks in the first year of the pandemic. Thus, the importance of a strong cybersecurity platform keeps on rising.
down network and information generated from these devices is then proxied via the recording server. Working together on all levels forms the foundation of 5G/IoT and will demonstrate how the components of 5G architectures can be used securely to mitigate risks and meet industry sectors’ requirements.
Haider Muhammad, Community Manager, META, Milestone Systems
THE IMPACT OF 5G 5G is setting new standards for low latency, higher bandwidth, and speed for businesses which means much more than downloading a movie in seconds on your phone. It will expand to encompass all sorts of “things,” from autonomous cars, to augmented reality glasses, and will enable humans to act on societal challenges in new and far more effective and better-informed ways. Every new technology entails new risks that must be mitigated. In this case, these risks stem from the software-defined, virtualized nature of 5G versus the hardware foundations of earlier LTE mobile communication standards. Like with any risk, assessment, discovery, and planning is key and is a joint effort of the legislator, manufacturer, and the user. In a Video Management System (VMS) context, one solution is to use a system that supports network segregation wherein IoT devices are connected to a completely locked-
Cyber Security Tips for Companies One of the most important steps that companies need to understand, and implement is that they cannot collect data without cause. They need to have a good and lawful reason for collecting and storing their Video Management Software (VMS) data. They also then need to ensure that their video operations are compliant with their local data privacy regulations. Five areas that companies should be focusing on to ensure futureflexible and investment effective cybersecurity strategies (1) Awareness: Be aware of existing and potential cyber security risks and the mitigation options that secure VMS manufacturers have to offer. (2) Hardening: Build the tightening up of your VMS into your ongoing and dynamic process to ensure continuous robustness. (3) Training: Be knowledgeable of best-practices regarding designing, deploying, and using your system and train your users and colleagues. (4) Privacy: Maintain a ‘culture of privacy’ by ensuring that the system is compliant with local data privacy regulations. (5) Regular updates: Keep systems up-to-date with the latest drivers, patches and fixes to stay ahead of would-be hack.
WD_BLACK SN750 SE NVMe SSD The WD_BLACK SN750 SE NVMe SSD lets enthusiast gamers level up their PC or laptop gaming experience with PCIe Gen4 technology and storage space for more games. This DRAM-less internal storage solution leverages PCIe Gen4 technology (backward compatible with PCIe Gen3) to deliver read speeds of up to 3,600MB/s.With up to 30% less power consumption than its predecessor, laptop gamers can expect longer playtimes between charges.
WD Black SN750 SE SSD Specifications 250 GB 500 GB single-sided M.2 2280 PCIe 4.0 x4 Phison E19T None
Capacity Form Factor Controller DRAM
Sequential Write Random Read IOPS Random Write IOPS Warranty
1000 MB/s 190k 240k
2000 MB/s 360k 480k 5 years 300 TB
2830 MB/s 525k 640k
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
OVERVIEW: The DBA-X2830P Nuclias Cloud-Managed AX3600 Access Point is deployed as a premanaged, zero-configuration access point (AP) controlled through the D-Link Nuclias Cloud1. It is the best-in-class indoor access point designed specifically for enterprise environments. Featuring 802.11ax Wi-Fi 6 concurrent on both 2.4 GHz and 5 GHz bands, the DBA-X2830P Nuclias Cloud-Managed AX3600 Access Point offers high combined data rates to wireless clients. It provides lightning-fast access to bandwidthintensive applications such as data, voice and video streaming, even in highly congested environments.
D-LINK DBA-X2830P NUCLIAS CLOUD-MANAGED AX3600 ACCESS POINT
• • • • • • • • • • • •
Cloud Management Zero-Touch Deployment Real-Time Traffic Reporting & Analytics Device Geolocation with Google Maps Visualized Floor Maps Automated Monitoring & Alerts Multi-Tenant & Role-Based Administration Auto Channel Management Authentication via Customizable Captive Portal, 802.1x and RADIUS Server Social Login for Guest Wi-Fi Access End-to-End Encryption Over-the-Air Firmware Upgrades
PNY 3S-2450 PNY 3S-2450 is an AI optimized storage for deep learning acceleration and inference. It creates a central pool of ultra-low latency NVMe which can be shared amongst one or multiple DGX servers. Providing each DGX with the ideal level of resource without the need for upfront over investment. Simply connected via NVIDIA compatible lnfinißand / Ethernet, the unique RDMA protocol ensures the NVMe resource is seen and performs as if it were internal to the DGX.
FEATURES: • Storage Capacity • Bandwidth • Connectivity • Software Platform • Export compatibility • Software Licence • Form Factor • Warranty • Support
AOC U32UI MONITOR
Up to 360TB 23GB/s 2 x QSP28 EDR InfiniBand /100Gb/s Ethernet PNY NVMe-oF (InfiniBand or Ethernet) NFS (InfiniBand or Ethernet – RDMA or TCP) 3 years / 5 years on request 2U - 710mm deep 3 years 3 years 24/7 Premium Support
The U32UI is a 4K Nano IPS Display monitor designed by Studio F. A. Porsche. Its DisplayHDR 600 technology provides a significantly different visual experience. It's mounted on a smart stand that lets you adjust the tilt, rotation, swivel, and height for a more comfortable and ergonomic viewing experience. This monitor has larger color gamut, which means a more extensive range of the wide-gamut RGB color space the monitor is able to display. A standard monitor has only 72% NTSC color gamut, whereas Super Color boasts an incredible 114% NTSC or more wide color gamut, providing richer, more vivid colors. FEATURES: • Built-in convenient multitasking software • Brilliant visuals with ultra-detailed pictures • Universal respected standard for display visual • Maximum visibility for better focus • Lifelike colors with Nano IPS • Bringing depth to your colors • Powerful Connectivity • Connectable with other devices • Adjust the screen in all ways, always • Protect your eyes from screen flicker • Reducing shortwave blue light output for healthier eyes
DELL ALIENWARE M15 RYZEN EDITION R5 The new m15 combines cutting-edge technologies and new design features to deliver an uncompromised visual experience. Offering Alienware’s fastest displays on a 15-inch notebook ever, gamers can select up to QHD 240Hz or FHD 360Hz panels to deliver smooth gameplay. Gamers can also choose an optional ultra-low-profile mechanical keyboard co-developed with Cherry MX that creates a distinctive typing experience and supports perkey RGB lighting. SPECIFICATIONS & FEATURES: • Processor AMD Ryzen 9 5800H (8 cores/16 threads, 3.2 GHz to 4.4 GHz, 16 MB L3 cache) • Display 15.6-inch FHD (1920 x 1080) IPS display (165Hz, 3ms, 300 nits, ComfortView Plus) • Graphics NVIDIA GeForce RTX 3060 with 6 GB GDDR6 • Storage 512 GB PCIe M.2 SSD • Memory 16 GB DDR4-3200 (2 x 8 GB) • Audio Stereo speakers • Camera 720p HD webcam • Networking Realtek 2.5Gbps NIC, Killer Wi-Fi 6 AX1650x, Bluetooth 5.2 • Warranty 1 year • OS Windows 10 Home 64-bit
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
CRUCIAL X6 PORTABLE SSD Whether you’re downloading videos for offline travel, organizing family photos, collaborating with classmates, or heading off on a great adventure, the Crucial X6 is affordable, and ready to go wherever you do. With 500GB, 1TB, 2TB or 4TB of portable capacity, the X6 is the tiny drive with tremendous space. Perfect for transporting files between the office and home, traveling for business, or just adding extra space, no screwdriver required. FEATURES: • A lifetime of photos, all in one tiny drive • Faster & more reliable than hard drives • Movies and media on the move
ONE STOP MEDIA PLATFORM FOR TECHNOLOGY COMMUNITY
LEXAR PROFESSIONAL NM700 M.2 2280 NVME SSD Available Variants – 256GB, 512GB, 1TB Get the most out of your PC’s performance with quicker load times and transfer speeds so you can breeze through your day. The Lexar NM700 M.2 2280 PCIe Gen3x4 NVMe SSD will put you in the driver’s seat with speeds of up to 3500MB/s read and 2000MB/s write. With sequential read speeds of up to 3500MB/s and sequential write speeds of up to 2000MB/s, you’ll enjoy blazing-fast performance for your PC. That’s faster boot-ups, data transfers and application load times compared to a SATA SSD3. Unlike traditional hard disk drives, the Professional NM700 SSD has no moving parts, so it’s less likely to fail. On top of that, it’s also shock and vibration resistant2, making it one robust and reliable SSD.
FEATURES: • High-speed PCIe Gen3x4 interface: 3500MB/s read and 2000MB/s write1 – NVMe 1.3 • M.2 2280 form factor • 6.5x the speed of a SATA-based SSD3 • Ideal for power users • 3D NAND • Features LDPC (Low-Density Parity Check) • Shock and vibration resistant with no moving parts2 • Five-year limited warranty
UNIARCH IOT-UNEAR A30T VIDEO CONFERENCING CAMERA FROM UNIVIEW IoT-Unear A30T is a desktop all-in-one USB video conferencing device for small-to-medium-sized teams. This product has a 100° ultra-wide horizontal view and supports full HD video calls. Features like USB plug & play, general compatibility makes IoT-Unear A30T an excellent choice for conference rooms hosting 1-8 people and an online collaboration efficiency booster for all business teams. FEATURES: • Omnidirectional 4 microphones array algorithm, 5-meter far-field clear voice pickup • Exclusive AI noise-suppression technology, significantly increase concentration of conference participants • Real full-duplex, HQ uninterrupted communication • 100° full HD wide-angle camera, in-person conference experience • Plug & play, general compatibility with leading online conference platforms • Audio & video all-in-one, intuitive control experience