The Silicon Review (www.thesiliconreview.com)
Asia Monthly, April 2019
10 Best Security Companies 2019

Cover story: Enabling Organizations to Establish a Truly Honed Optimized Security Practice: CyberHat (Nadav Arbel, Founder & CEO)
Feature: 3 Smart Home Security Trends to Watch in 2019
Editor's Note

They want what you've got, don't give it to them.

Cybercrimes are evolving and keeping the organizations continuously challenged and awake. With threats multiplying day by day, cyber security is becoming not only increasingly important but a mandatory action taken to help businesses worldwide fight against significant cyber issues. So what risks do businesses face in 2019 and beyond? How to be pro-active?

Given today's evolving threat landscape, it's understandable that organizations want to take a proactive approach against threats, create an environment of continuous compliance, and have responsive IT operations processes. Organizations want to reduce risk exposure and the attack surface, detect and respond to advanced threats, and drive down security operations costs. Here the only question is – How?

Here we introduce you to the cybersecurity experts, The Silicon Review "10 Best Security Companies 2019." These companies are not only the most reliable cyber security solution providers, but are helping other companies to overcome the uncertainties. The companies listed are known for their simplest yet reliable cybersecurity solutions and pro-active ability.

Success recognized to the fullest!

Best,
VISHNU VARDHAN KULKARNI
Managing Editor, The Silicon Review

EDITORIAL TEAM
Sreshtha Banerjee: Editor-in-Chief
Vishnu Kulkarni: Managing Editor
Michelle Williams: Co-Managing Editor

CORRESPONDENTS: Michelle Williams, Avinash Nayak, Harshajit Sarmah, Javid Ali
ART DIRECTOR: Smriti Kumari
VISUALISERS: Mira Sengupta, G. Sai Pradeep, Parnasree Gangopadhyay, S. Saipriyadarshini
SALES & MARKETING: Sathish Kumar, Preeti Kumari, Prabir Biswas, Kundan Kunwar, Arun Kumar, Adhees Bhanja Deo, Satrasala Kavya, Sunny P Choudhary, Spandana, Sita Mounica
RELATIONSHIP MANAGER: Nabanita Dutta
ADVERTISING BUSINESS HEAD: John Allen, Project Head; Arjun Pandey, Project Coordinator
MANAGEMENT: Pavan Kumar Kalla: Circulation Manager
PUBLISHER: Manish Pandey

The Silicon Review Corporate Office: Silicon Review LLC, #3240 East State Street Ext, Hamilton, NJ 08619. Sales: 510.400.4523
Development Office: Siliconreview Technology India Pvt. Ltd, #32, 2nd floor, CMH Road, Indiranagar, 2nd Stage, Bangalore - 560038. PH: +91-7760351041

© Copyright Silicon Review LLC. All rights reserved. Reproduction in any manner is prohibited. Silicon Review LLC does not accept responsibility for returning unsolicited manuscripts and photographs.

Printed & Published by Manish Pandey on behalf of Siliconreview Technologies India Pvt Ltd at Printo Document Services Pvt Ltd., #1, Double Road, Indiranagar Second Stage, Bangalore-560038, India. The Silicon Review's circulation is audited and certified by BPA International (Audit Pending). (CIN: U72200KA2014PTC075778) (RNI REG. NO. KARENG/2017/75691)
CONTENTS
ASIA SPECIAL - APRIL 2019, Volume - 3 | Issue - 4

COVER STORY
Enabling Organizations to Establish a Truly Honed Optimized Security Practice: CyberHat (Nadav Arbel, Founder & CEO)

COMPANY PROFILES
• The Critical Infrastructure Specialists: Kordia Solutions (Hamish Guild, CEO)
• Delivering unmatched business value to its customers through a combination of process excellence, reusable frameworks, technology innovation, integration, and transformation: ALTEN Calsoft Labs (Ramandeep Singh, CEO)
• Transforming the way businesses innovate and operate through a deep understanding of all aspects of information security: CyberQ Consulting Pvt Ltd. (Dr. Rajiv Nag, Chairman & Director)
• In The Spotlight: Secure Application, an Information Security Based Consulting Firm, Leads the Security Space with Its Comprehensive Capabilities (Shylaja Chandrasekhar, CEO)
• Global Security Solutions Provider: SECUDE (Dr. Heiner Kromer, Chairman & CEO)
• Providing a Barrier against Threats that May Harm your Mobile Endpoints: Zimperium (Shridhar Mittal, CEO)
• Explained: 360 Enterprise Security Group Provides Users with Multi-Level, Multi-Dimensional, and Systematic In-Depth Defense Solutions to Ensure Truly Effective Security (Qi XiangDong, Chairman & CEO)
• Focusing On the Attacker than the Attack: Illusive Networks (Ofer Israeli, CEO & Founder)
• Achieve Faster and More Secure Product Development with Secure Code Warrior (Pieter Danhieux, CEO, Director, & Co-founder)
• Dathena Science Pte. Ltd.: The Universal Layer of Information Security that enables End-to-End Data Protection (Christopher Muffat, Founder & CEO)

FEATURE ARTICLES
• 3 Smart Home Security Trends to Watch in 2019
• Automobiles Security: The Need for Improvement
• Blockchain could play a big role in cybersecurity
• Russians staring totalitarianism in the face with internet isolation
• The Role of AI and Machine Learning In Cybersecurity
• Modern Web Applications and Their Contribution to Handling Security in Enterprises
• The Standard Security Perils Associated With the Modernisation of Network
• What Does Securing Big Data Platforms Mean in Today's World?
• Trend Micro, The Global Player in Cybersecurity solutions Now Announces its Launch of MDR services Through Channel Ecosystem
• Why it is important for smartphones to be completely secure
3 Smart Home Security Trends to Watch in 2019

Everyone knows smart home trends are on the rise, and various home security companies have tried to enter this market. The problem is that this generation's customers expect the kind of tech usually seen in movies or books; in other words, they expect fictional home security. It is not possible to provide exactly the tech portrayed in those movies or books, but tech that comes quite close to it is certainly available. Thanks to the Internet of Things, we are now able to see some amazing security tech in a regular house. An average person in India is now able to own his or her own security IoT devices. With that in mind, let's look at three of the newest home security trends that every company should know about.
The Video Door Bells

Video doorbells are not new to the market. Many might have seen them in movies and also in real life. They have already made a huge impact in various countries, but India is yet to see them being implemented in regular houses. They are expected to go mainstream in India soon, making the video cameras developed in the past obsolete. Many in India already have this tech in their houses, but they belong to the upper middle class and higher-level homeowners. It is important for businesses in this vertical to realize that it is possible to offer middle-class homeowners the same tech. Many companies like Nest and Ring have already developed some amazing tech which is still being used today.

In New England, many companies that offer home security have started providing video doorbells as a default feature in their services, because every single person in the region buys this product anyway. India is known to catch up with a trend very soon, be it fashion, routine, tech or even home appliances. The growing thefts in India, along with the lack of security provided by our officials, have put a doubt in the minds of homeowners. Video doorbells will soon be in trend, with better quality and resolution.

The Smart Lock

Gone are the days when people used to lock their doors with a big lock and carry a number of keys in their pocket. We live in an era where money is transferred through apps and information is shared directly through our phones. When we can improve on so many things, why not the safety of our houses? This is the question many middle-class homeowners ask themselves, and this is where companies developing such tech have to seize the opportunity. Middle-class families have started investing in home lock systems that are computerized, yet work the same as a normal lock and key. It is time that you as a company take the initiative, start promoting this new tech and start selling before anyone else in the market does.

Various businesses from different regions have already made their mark by coming into the home security vertical. India is one such country where everyone is insecure about the environment. Trusting a neighbour is also a problem in the country. The smart lock is a perfect solution for all these problems.

A smart lock is a tool which has a keypad, a fingerprint scanner or some other verification barrier which the owner alone knows. Other family members who want to enter the house will have their own unique code, or can use the fingerprint scanner. All in all, it is the right solution to keep your houses safe.

Clubbing Artificial Intelligence with Home Security

Artificial Intelligence is one such industry that is picking up pace rapidly. Many companies have started implementing artificial intelligence in their firms. Other countries have seen better AI-based cameras like the SimCam. It is a special camera that can tell humans from objects. It has special face recognition features that allow the owner to identify people who have already come home or have been seen around the house.

In India, there are very few people who opt for cameras that constantly monitor their surroundings. But people have seen the problems in daily life. Implementing this tech will become mandatory in the future, like having cable TV or Dish.
The Critical Infrastructure Specialists: Kordia Solutions
Hamish Guild, CEO

Kordia Solutions is an Australasian company with more than 600 staff. It uses innovative design, advanced performance tools, and the latest technologies to evaluate and analyze clients' telecommunications network needs to find the right solution for their business. Its experts work on both sides of the Tasman (and beyond) and are highly skilled in the design, deployment, maintenance, and operation of telecommunications networks and solutions.

Kordia's mission is to build connections clients can trust and make its digital world more secure, reliable, and resilient. It has the leading team in the industry, experienced professionals who work alongside its customers to grow their business.

Solutions and Services

Field Services: Kordia's Field Services delivery team works collaboratively with a range of customers to deliver quality and timely on-site and premise connections throughout Australia and New Zealand. Key areas it specializes in include:
• Installation of new service drop cables from the main network (multi-port) through to the customer premises
• Utilizing the existing pit and pipe infrastructure or installing new conduits incorporating trenching, boring, concrete cutting and core boring
• Installation of customer premises wiring
• Installation of the Premises Connection Device and the Network Termination Device as well as battery backup unit if required

Low Power Wide Area Network: The key requirements of the Internet of Things include secure bi-directional communication, mobility, and localization services. For this to happen, seamless interoperability among smart Things without the need for complex local installations is crucial.

LoRaWAN is a Low Power Wide Area Network (LPWAN) specification intended for wireless battery operated Things in a regional, national or global network. This specification gives freedom to the user, developer, and businesses, enabling the rollout of the Internet of Things.

SAED-Site Acquisition, Environment, & Design: Kordia understands the site acquisition phase often holds the least certainty, yet influences all dependent activities and stakeholders. Successful site acquisition and effective design are keys to project success and total costs of ownership, which is why the company offers complete management of Greenfield, co-location, and upgrades across macro, small cells, and in-building solutions.

Kordia's national SAED team comprises highly experienced property, town planning, and engineering design staff, all of whom are able to provide either stand-alone specific SAED services or fully integrate the SAED function into wider projects and programs to offer complete end-to-end solutions for both wireless and fixed network deployments.

"Kordia builds the whole telecommunications network around a cutting-edge fault and task management platform."

5G Technology: While the specifications of the fifth generation of mobile networks are still to be finalized, 5G is the next big evolution in mobile technology. The introduction of 5G means that radical network re-engineering is required from all three of Australia's mobile networks.

Kordia is a civil design contractor and approved structural design certifier to the Australasian mobile carrier industry.

EME Compliance: Kordia can assist clients with electromagnetic energy (EME) compliance for their transmitter antennas, EME management for a new network, or RF safety awareness in general.

Its experienced EME services team provides high level consulting and concise EME reports and training. Its EME drawings clearly and accurately show the RF zones of active antennas, making it easier for them to manage EME safety onsite. If clients need to confirm EME levels in their environment, they can also take advantage of its NATA accredited EME measurement services.

Industries

Telecommunications: Kordia delivers end-to-end solutions for telecommunication carriers and ISPs throughout Australasia, from planning, design, consultation, installation, and commissioning, right through to operations and maintenance. Kordia is also completely vendor independent, which means its team has the flexibility and ability to tap into a wide range of tools and techniques when providing mission-critical engineering and technical services to mobile, broadband and broadcast infrastructure owners.

Rail: Kordia works with public and private sector rail network owners and operators, including major companies with dedicated rail networks and construction companies, to deliver fully integrated end-to-end communications solutions.

Government: Kordia's capabilities include:
• Radio networks design governance, implementation and integration services
• Public utility infrastructure assessment
• Audit of telecommunications equipment and services
• Technical tender review
• Critical Infrastructure as a service

Its unique, whole-of-life solutions help to reduce risk, eliminate unnecessary duplication and improve the overall operability of networks to ensure emergency first responders anywhere in the field have the right information at the right time.

Meet the Leader

Hamish Guild, Chief Executive Officer: Hamish has extensive experience running large scale national project, service, and engineering organizations. A passionate leader, he loves driving people development, great customer service and shareholder value.
Automobiles Security: The Need for Improvement

Everywhere in the world, people would have seen an automobile, be it off road, on road, or even automobiles that are used for other purposes like the ones used in airports and more. Growth is intense. There are many car brands in the market, both Indian developers and overseas. In India a couple of years back we could see hardly any cars on the roads in cities like Mumbai, Bangalore, Kolkata, Delhi and other major cities. As the years went by, the number of cars on the road has also increased. Every single person who belongs to the upper middle class or middle class owns a car. It can be a basic car that ranges from 3 lakhs to 10 lakhs.

The growing number of cars has also attracted a lot of threats in the market. In India, we hardly see proper parking facilities in middle-class houses. Hence, owners are forced to park the vehicle on the side of the road. This makes it quite easy for a thief to take over the car. Now the question arises: won't the car's security system activate, alerting the owner that his car is being compromised? To answer that, let's first consider hackers. No matter how good your firewall is or how good your security system is, a hacker finds a way to hack into a system and obtain confidential data. It is because a hacker is as smart as any security developer. The same goes for the thieves who try to steal a car or obtain some part of a car. With the growing technology, many of these thieves stay updated with the latest tech used in a car. It is evident that middle-class owners' cars won't have the luxurious security provided for a high-level car like a Mercedes S class or a sports car. This is where the thieves take advantage. This doesn't happen in all locations, but it is slowly picking up pace. In order to solve this budding problem, we should end it while it is just starting.

Better Safety for Cars

In other countries, airbags, safety belts and other parts of the cars come free. But in India, on the other hand, even a middle-class buyer should pay for airbags and other products to improve the safety of the car. To generate the money it is not wise to jeopardize a person or a family's life. Almost 60 per cent of buyers won't go for the air bags since they are expensive; buying a car itself is a task, and on top of all that, adding additional safety features which are actually sold for free in other countries makes any Indian furious.

Focus Less on Mileage and More on Security

Many would agree to the fact that mileage plays a major role in the market today. Every single middle class Indian is concerned more about the mileage than security. The second is the price and offers that come along with it. As a developer, one must always keep their customers happy. Just because the market demands it doesn't mean a company should do the same. The sales will still go as planned even if you compromise on the mileage and focus on security.

Implementation of Better Tech

Technology is improving drastically, but the problem with the Indian market is that every single car that comes out will only have one or two new techs. Companies should realize the fact that by doing so you are actually letting other competitors get the better of you. It is obvious that when there is growth in a vertical it will eventually attract more and more business ideas, and with it many other competitors step in. The problem now is that owners who belong to a completely different vertical step into a new play zone just because they have the funds and better ideas. This is where existing players lose customers.

The competitor will obviously sell their product for a lesser price and with better tech, or tech that is equal to an existing player's car. A middle-class person would consider all these factors, and it is obvious that a car is a car; it won't lose its value. Back in those days, it was all about brands and the status a car holds. Even now it is present but no one cares, so the owners just focus on money and comfort. Keeping all this in mind, automobiles should change and maybe avoid threats.
Delivering unmatched business value to its customers through a combination of process excellence, reusable frameworks, technology innovation, integration, and transformation: ALTEN Calsoft Labs
Ramandeep Singh, CEO

ALTEN Calsoft Labs is a next-gen digital transformation, technology consulting, enterprise IT and product engineering services company that helps customers to become smarter, highly productive, nimble and better at predicting the future. Leveraging its extensive deep industry and business process expertise, passion for customer excellence, and proven global IT services delivery model and network, it offers best of the breed offerings for industry verticals like Education, Healthcare & Life Sciences, Networking & Telecom, Hi-Tech, ISV and Retail.

Since 1992, ALTEN Calsoft Labs has delivered unmatched and sustainable business value to its customers through a combination of process excellence, reusable frameworks, technology innovation, integration, and transformation.

ALTEN Calsoft Labs is a pioneer in delivering Business Innovation, Integration and Transformation through disruptive technologies like SMAC (Social – Mobility – Analytics – Cloud), IoT and Big Data. The firm has mastered the art of addressing enterprise business and technology challenges through its "Connected Customer framework" that:
• Enables enterprise business transformation, technology innovation, and integration.
• Facilitates customers to thrive in the digital age by enhancing productivity and performance.

ALTEN Calsoft Labs has received accreditation certification of CMMI level-3, DEV-1.3 version, ISO 9001:2015 and ISO/IEC 27001:2013 for Information security management system covering the provision of resources, work environment for software design, development testing, implementation, maintenance, enhancement, and support projects. This certifies that the Quality Management System of ALTEN Calsoft Labs has been audited and found to be in accordance with the requirements of the Management System standard.

Service Portfolio

IT Consulting Services

ALTEN Calsoft Labs has been a pioneer in helping global organizations in their enterprise digital transformation journey. It enables enterprises with world-class IT technology consulting and services that ensure growth, scalability and high performance while mitigating risks.

The company helps in building effective organizations by enhancing their competitive edge, enhancing productivity and driving business transformation. Its consulting services help enterprises work smarter, grow faster and transform businesses by unlocking innovation, driving corporate performance and governance. It provides a full range of IT and Operations consulting services, leveraging its deep industry knowledge across industries and technical expertise.

Customer Experience

Customer experience is indeed a competitive space. The ability to deliver a delightful experience to every customer has become a key differentiator for many enterprises. In this era of Digital transformation, every enterprise is working hard in building multiple touch points and journey maps for their customers. The customer expectations can't be met with multichannel presences alone; good customer experiences with an intuitive, simple, contextually relevant and exciting digital interaction that personalizes all touch points during a customer journey do wonders.

A carefully crafted customer experience framework drives customer loyalty, new revenue channels, and cuts down the cost significantly. ALTEN Calsoft Labs delivers compelling digital experiences by developing an omnichannel architecture comprising:
• Personalized Digital interventions on the front end
• API and Micro services in the middle tier
• Big Data Platforms in the back end

Enterprise Digital Transformation

The pace of business is accelerating. We are living in the age of technology explosion where Digital Technologies like AI, machine learning, Robotics, IoT and Big Data are ushering in a new paradigm touching billions. Digital technologies are leaving an indelible mark, and reshaping every industry landscape and how organizations function in ways never heard of. There has been a significant rise in digital transformation initiatives over the years and a lot of investment being pumped in to transform businesses digitally. However, these initiatives are challenged in reaching digital's true potential due to organizational silos, legacy business processes and technologies, and a myopic view by senior leadership lacking purpose, clear goals, and objectives.

In this context, ALTEN Calsoft Labs' Lean Digital Practice enables large enterprises to re-architect and re-engineer their front, middle and back office operations, and helps prevent costly mistakes by assuring technology decisions are aligned with the business and that those decisions result in the right business outcomes in line with organization vision. The company is committed to delivering continuous value to its clients by leveraging its unique Lean Digital framework derived from helping more than 100+ clients innovate, integrate, and transform their business process operations. The firm's Lean Digital framework comprises three distinct phases viz., Innovate, Launch, and Scale.

With the changing business and technology landscape, CIOs across the world are redefining their priorities & business objectives, leveraging existing IT investments and adopting disruptive technology platforms. ALTEN Calsoft Labs realizes this changing aspect of modern businesses and offers a wide range of services in the area of consulting, implementation, system integration and managed services that enable organizations to create a competitive advantage in the marketplace.

Over the years ALTEN Calsoft Labs has been supporting leading global players in Manufacturing, High-Tech, Energy & Utility, including Fortune 100 companies, in their IT & Business Transformation initiatives and has delivered accelerated value via in-depth technology & product expertise, strong industry & functional knowledge, and well-defined processes. ALTEN Calsoft Labs understands the need to share the same vision with the clients and to share the risks, and thus most of its Managed IT services are managed by strict SLAs.

ALTEN Calsoft Labs provides the technical expertise, time and resources to manage various application environments. It delivers full benefits of critical applications disregarding issues like shrinking maintenance budget, highly complex infrastructures and limited visibility into applications.

CEO Corner

Ramandeep Singh: As CEO, Ramandeep is driving the engineering teams and strategic planning activities for ALTEN Calsoft Labs. He joined the ALTEN Calsoft Labs' management team from Aspire Communications, a subsidiary of ALTEN Calsoft Labs. Ramandeep has over twenty years of experience in data networking, telecommunication, and semiconductor technologies. As a senior level executive, he managed strategic planning, business development, engineering and marketing related activities at various companies. Prior to joining Aspire, Ramandeep was Marketing and Operations Head at Luminous Networks. Ramandeep also served Corona Networks as the CEO. He was also a part of Nortel, Bay Networks, Mitsubishi, VLSI Technology and LSI Logic. Ramandeep holds a B.S. and M.S. degree in Electrical Engineering.

"With a multi-cultural and transnational talent comprising over 33,700 employees, spread across 28 countries, we bring in competitive advantage, innovative and fresh perspectives to business challenges and promote a collaborative knowledge environment."
Blockchain could play a big role in cybersecurity

We live in the information age, where personal data is everything and cybersecurity is the most pressing concern. A cyber-attack has the potential to cause more damage and monetary loss than a conventional terror attack. The most common target for hackers is data. Data is perhaps the most valuable commodity today, and with the right knowledge of its applications, it won't be an exaggeration to say that data is probably as valuable as oil or natural gas. Industries such as telecommunication, banking, healthcare, information technology and financial services depend on data integrity. With such a high value in the current scenario, it is no surprise that cybercriminals have always gone after data.

Cybersecurity experts and hackers are locked in a constant struggle to outdo one another, emphasizing the need for a comprehensive security solution. Blockchain is one technology that could be the answer to most of the problems plaguing cybersecurity. It is a revolutionary concept that can change the face of how we protect data, and also has the potential to replace banks as a centralized authority for regulating transactions.

Its working is somewhat elaborate, but it promises information security like no other. Unlike banks, data centers, centralized servers, and other institutions, a blockchain is a distributed, encrypted public ledger wherein each node in the network contains a copy of the ledger. Every single copy of the ledger records every single activity and transaction with a timestamp that cannot be erased or tampered with without others knowing about it. In other words, each of the ledgers in the blockchain network contains entries for every single transaction, and attempting to alter any one of them would alert others to the discrepancy. It is an extremely safe technique of maintaining records that has numerous applications.

Furthermore, blockchain also has the potential to act as an effective preventive measure against a range of techniques used by cybercriminals to disrupt systems. Most messages sent over the internet are encrypted using private keys and decrypted at the receiver's end using the same key. If hackers manage to gain the key, it enables them to intercept all messages and discern personal user IDs and passwords, which in turn would allow unauthorized access to vital systems and data. Blockchain allows organizations to use a distributed public key system to authorize users by their devices, where each device is assigned a special SSL certificate. The data for the certificates are managed on the blockchain, making it much harder for hackers to gain any sort of unauthorized access.

In addition to this, Denial of Service (DoS) is one of the methods most widely used by hackers to disrupt networks. It involves flooding a central server with a very large number of requests, resulting in congestion caused by network traffic that is greater than what the bandwidth can accommodate. It results in websites going offline and service disruption. Blockchain, by its very nature and decentralized structure, cannot be targeted by a DoS attack. This goes a long way to ensure continuity of service and secure operations.

Blockchain is a relatively open environment where most of the data is available for everyone in it, and copies of it are present on each node. This enables all the users involved to verify and corroborate any information, ensuring that there is no unauthorized modification or deletion. What's more, since every single action is recorded into blocks that are connected to other blocks and linked to a user, the sequence of activities can easily be traced back to their perpetrator. In this way, every activity can be verified by everyone, providing a powerful deterrent to would-be cybercriminals.

A brilliant application for blockchain is carrying out financial transactions across international borders without central regulatory institutions like banks. The currency of exchange is called cryptocurrency and is completely electronic and ensures complete security. Many experts, however, don't give much credibility to this idea, given the size and the clout of the banking industry. Adding to this hurdle is the inherently unpredictable nature of cryptocurrencies. Unlike financial instruments like stocks and shares, whose valuations can be deduced, cryptocurrencies are next to impossible to predict. This makes them rather unreliable. But there have been many startups that offer currency exchanges for blockchain based cryptocurrencies.

Blockchain is a very nascent idea and only time will tell if it would make a dent in cybersecurity.
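
The tamper-evidence property described in the blockchain article above, as an added example that is not part of the original article: a hash-chained, timestamped ledger replicated on four nodes, where an edit to one copy is caught both by re-checking that copy's chain and by comparing its head hash with its peers. All function names, node labels and transactions are constructed for illustration, and the majority comparison is a simplification standing in for a real consensus protocol.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def entry_hash(prev_hash, timestamp, data):
    """Hash one ledger entry together with the hash of the entry before it."""
    payload = json.dumps(
        {"prev": prev_hash, "ts": timestamp, "data": data}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def append(ledger, timestamp, data):
    """Add a timestamped entry that is linked to the current last entry."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "ts": timestamp, "data": data,
                   "hash": entry_hash(prev, timestamp, data)})


def first_broken_link(ledger):
    """Index of the first entry whose hash or back-link is wrong, else None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(e["prev"], e["ts"], e["data"]):
            return i
        prev = e["hash"]
    return None


def rehash_from(ledger, start):
    """Recompute hashes from `start` on, as someone hiding an edit would."""
    prev = ledger[start - 1]["hash"] if start else GENESIS
    for e in ledger[start:]:
        e["prev"] = prev
        e["hash"] = entry_hash(prev, e["ts"], e["data"])
        prev = e["hash"]


def head(ledger):
    """Hash of the last entry; it commits to every entry before it."""
    return ledger[-1]["hash"] if ledger else GENESIS


def dissenting_nodes(nodes):
    """Names of nodes whose head hash differs from the majority's head hash."""
    heads = {name: head(ledger) for name, ledger in nodes.items()}
    majority, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, h in heads.items() if h != majority)


def demo():
    # Constructed sample transactions (timestamp, description).
    txs = [(1554076800, "alice pays bob 10"),
           (1554076860, "bob pays carol 4"),
           (1554076920, "carol pays dave 1")]
    nodes = {}
    for name in ("node-a", "node-b", "node-c", "node-d"):
        nodes[name] = []
        for ts, data in txs:
            append(nodes[name], ts, data)

    before = dissenting_nodes(nodes)            # all copies agree

    # One copy is edited in place.
    nodes["node-c"][1]["data"] = "bob pays carol 400"
    local = first_broken_link(nodes["node-c"])  # stored hash no longer matches

    # The edit is then hidden locally by recomputing every later hash.
    rehash_from(nodes["node-c"], 1)
    after_rehash = first_broken_link(nodes["node-c"])

    flagged = dissenting_nodes(nodes)           # peers still expose the change
    return before, local, after_rehash, flagged


if __name__ == "__main__":
    print(demo())
```

Recomputing the hashes makes the edited copy self-consistent again, so the chain check alone is not enough; it is the comparison with independent copies that exposes the change. The same comparison would not flag an edit made consistently on the majority of copies.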
Enabling Organizations to Establish a Truly Honed Optimized Security Practice

CyberHat: Proactive Cyber Defense

Cybercrimes are growing with the growth of technology. In the present time, we see a lot of data thefts, breaching, and loss of confidential information all due to lack of cybersecurity. When the attacker can think out of the box and breach into your systems, you can too do that and protect your data against such threats. Since, YOU – as a company must be one step ahead of all these criminals, procuring the right cyber security for your firm becomes crucial in the current market. In order to shield your company and the data you have, CyberHat brings you a variety of protection.

CyberHat is a leading cybersecurity company that designed, developed and operates CYREBRO. It is a unique and advanced SOC (Security Operation Center) as a service. CyberHat empowers and secures organizations globally and across all industries in the most cost-effective manner. CyberHat’s elite teams of experienced hackers, analysts and cyber experts provide cybersecurity solutions, including operating the world’s first Smart SOC as a service - CYREBRO.

CYREBRO’s unique “pro-active” approach for Security Operations enables organizations to take back control of their security operations and establish a truly honed and optimized security practice. The company offers the industry’s first 100% technology agnostic, professional SOC-as-a-Service to customers across all industries. Supported by a state-level response
team it is the first of its kind to provide an out-source elite level of service and expert SOC.

CyberHat’s professional teams are comprised of elite Israeli hackers, Intelligence officers and IT security experts with years of private and state level experience. The firm’s security solutions are designed, executed and operated by elite Israeli cybersecurity experts. Hackers, defenders and state level investigators with state and corporate level experience. The company provides professional cybersecurity solutions that enable practical and active defences, allowing its clients to grow their business while keeping a secure working environment.

Its experience comes from hands-on deep cybersecurity forensic and postmortem investigations, advanced hacking simulations and cyber assessments for companies of all sizes from the Fortune 500 to small and medium-sized businesses. CyberHat protects financial services, retailers, telecoms, and energy and infrastructure organizations around the world.

CYREBRO SOC Platform

CyberHat provides customers with an opportunity to harness the full power and potential of the SOC through CyberHat’s next-gen “Smart SOC” called CYREBRO. CYREBRO, its expert based SOC platform, is designed, operated and managed by experienced hackers and state level qualified defenders. Specifically focused on quality and value monitoring and response, CYREBRO provides 24/7 detection, analysis and remediation of cyber-security threats, enabling the most practical and effective approach to SOC operations.

CYREBRO platform delivers real value to businesses through optimization of existing security technologies, working processes and procedures and a thorough proper SIEM streamlining.

CYREBRO reduces false positives and creates a clear, precise and noise-free cyber-security environment. CYREBRO’s unique approach for Security Operations enables organizations to take back control of their security operations and establish a truly honed and optimized security practice. It offers the industry’s first 100% technology agnostic, professional Managed SOC to customers across all industries. Supported by a state-level response team, it is the first of its kind to provide a professional turnkey solution, Cyber Experts, technology and operations of a Managed SOC.

The Four Tier Analysts

Tier 1 Analysts

Tier 1 Analysts are CYREBRO’s first line of defence and detection. This team oversees first alert interception, documentation, prioritization and initial investigation in accordance with a detailed guideline protocol.

Tier 2 Analysts

The team provides CYREBRO’s customers with an in-depth alert investigation. This team utilizes various security systems, proprietary CYREBRO tools and unique investigative processes to handle cyber incidents.

Tier 3 Analysts

Tier 3 analysts hold vast experiences in the security field and host-based forensics. Using those skills, they conduct advanced forensic investigations and guide T1-2 analysts on workflows and procedures.

Tier 4 Analysts

These expert analysts hold vast experience in large scale investigations, and have a deep understanding of network forensics, network protocols, malware and hackers’ propagation techniques and attack scenarios.

Various Teams Playing their Part

SET-UP Team

The dedicated set-up team is focused on optimizing the monitoring infrastructure and verifying optimal SIEM configuration. Through establishing relevant log sources, ensuring rules and correlations function correctly, and implementing current attacker’s point of view functions, this team ensures the optimal streamlining of the SIEM.

Incident Response Team

The team is composed of analysts of different teams such as tier 3, tier 4, intelligence and professional services. The team provides a professional and methodical response based on years of specific IR experience and specific preliminary actions tailored for each client. The team works on mitigating and containing the incident while preventing the spread to other systems and stopping any operational or intellectual damage.

The Intelligence Teams

With State level background and deep web experience, our intelligence teams are constantly searching, analyzing and producing valuable and relevant threat intelligence for the SOC.

Type of CYREBRO

CYREBRO Core

“CYREBRO CORE” is based on the customer’s existing SIEM solution, and provides 24/7 SOC monitoring coverage, with an end to end T1 –T4 capabilities. This includes all SOC capabilities like specializing in detection, preliminary investigation,
The Expert in Cyber Security and the Leader of the Company

Nadav Arbel | Founder and CEO

Nadav has over 15 years of experience in Cyber and IT security for Military intelligence and Law enforcement agencies at tactical and technological units, specializing in cyber defence, intelligence gathering and strategic technical systems. CyberHat is a company specializing in Cyberdefense services and solutions worldwide, providing strategic and tactical teams for Cyber intelligence, cyber and IT security architecture, cyber hacking and cracking, forensics and response capabilities and more, for various business and government sectors from finance through Telecom and Hi-tech and up to national critical infrastructure.

Specializing in building and operating Cybersecurity operation centres – as a service, worldwide I.R. teams and real-time event management, Nadav established and commanded the Israeli Cyber and SIGINT technology unit for the Israeli Police between the years 2009 – 2012. Nadav has also carried out various roles in international technological companies from COO to Defense division manager, managing over 250 employees worldwide, responsible for the execution and deliverables of over 150 technological projects of various magnitudes and complexity simultaneously across the globe and managing business units of over 120 Million NIS.

“We know from firsthand experience, that a good defence is based on understanding the attacker’s methods, the drive and the practical technical domain. Keeping this in mind we provide you with the right solution for your business.”
Nadav Arbel, Founder and CEO
isolation of problems, minimizing false positives, mitigation and remediation processes of cyber incidences 365 days a year. It also helps its client utilize their existing security systems to their maximum.

CYREBRO One

“CYREBRO One” is a ‘turn-key’ solution for organizations that have no SIEM or data collection technologies in place. “CYREBRO One” provides SIEM licensing and set-up, SOC services, 24/7 monitoring coverage; the end to end T1 –T4 capabilities, advanced forensics and response capabilities. The solution combines technology, expert skills, processes and procedures and a managed end-to-end solution.

Unique Features of CYREBRO

• 100% technology agnostic
• Advanced forensic capabilities
• In-house cyber threat intelligence
• Fast and cost-effective “Setup time”
• Offensive oriented design and operation
• Extensive offensive and investigative experience
• Ongoing, customized, client-facing reports and updates
• Provides Tier1 to 4 multi-layer monitoring and response
• Professional incidents response, 24/7 expert response team
• A unique, monitoring optimization process, designed for “Quality alerting”
• Hands-on management and experience with all the world’s top SIEM technologies
• Highly qualified and experienced analyst team, as veterans of the Israeli Military and various security agencies on both the state and corporate level

Professional Services: Cyber Security Readiness Assessment

CyberHat’s unique cybersecurity readiness assessment is based on years of practical offensive expertise. It designed and built a unique, on-site, professional assessment that provides clear and tangible insights into an organization’s cyber defence capability. The company evaluates a client’s security readiness and provides a roadmap of remedial actions which address three core elements:

• Resilience
• Response
• Recovery abilities

The Firm’s Methodology

CyberHat’s methodology is focused on the gap between theory and fact. The assessment creates a clear and coherent picture of the true cybersecurity posture of the organization and its ability to handle real-life cyber incidents. Attack scenario analysis – CyberHat’s methodology includes a comprehensive analysis that is carried out by tracing known attack phases and examining how a potential attacker could exploit the organization’s existing gaps throughout the different attack vectors.

Targeted Hacking Simulations

The Challenge

Almost all organizations base their core business on technology assets, comprised of personal devices and critical operational servers with sensitive business information connected to the network – and therefore are exposed to cyber threats and cyber-attacks.

The Solution

Targeted Hacking Simulations – CyberHat’s hackers & crackers team simulates high level sophisticated hacking simulation that focuses on information assets rather than information systems. The attack simulates a motivated group of hackers that target the organizational assets: source code, emails, financial information, general production environment and any other organizational level assets. The hacking simulation provides the organization with a unique experience of walking through a real-life cyber-attack in a contained and safe environment.

Scope of Work

The Simulation consists of a 2 step process, designed to test both the external defensive capabilities and the internal defences. The Tests may include any or all of the following:

External

• All aspect of social engineering
• Malware manipulations
• Advanced Phishing (Internet or Cellular)
• Circumventing protection systems
• Examining of remote access capabilities (VPN, Terminal, etc)
• External facing applications

Internal

• The resilience of networks separation
• Internal employee rogue simulation
• Identification and alerts testing
• Manual and in-depth testing for logical problems in the infrastructure architecture and settings
Russians staring totalitarianism in the face with internet isolation

Cybercrime is a rapidly rising threat to internet security, causing millions in losses to individuals, corporations as well as governments. From disrupting government infrastructure and bringing corporate operations to a grinding halt to demanding millions in ransom, cybercriminals are getting bolder and ever more audacious with their attacks with each passing year. However, in spite of the growing threat of cyber terrorism, companies, as well as governments, have been slow in enacting policy and implementing measures to counter this threat.

The internet is an extremely useful platform that connects people across the globe, enabling the spread of ideas from country to country, across continents. While cybercriminals pose an external threat to internet freedom, the internal threats that stem from weak democratic institutions may pose a larger threat to internet freedom. Democracy has always been about the people and not the powerful few. But what happens when the same principles of the government for the people, of the people and by the people is used to legislate all the power to the privileged few?

The result is legally approved authoritarianism and an end to internet freedom. Such a state of affairs in any country would be worse than cyber terrorism at its worst. The internet is perhaps the most important medium to spread the ideas of civil liberties and justice and censorship on its usage is very similar to state-sponsored cyberbullying. Countries where democracy and civil liberties have been eroded constantly see governments that impose severe restrictions on internet usage. China is perhaps the best example of internet censorship stemming from autocracy. However, Russia could now be another entrant into the list of countries where democracy is threatened by attacks on civil liberties and free speech.

The Russian parliament is set to propose a highly controversial bill which would essentially isolate internet services in the country from the rest of the world. When news about this bill broke out, it drew massive crowds, upwards of over fifteen thousand people on the streets of Moscow, Russia’s capital. The protestors remain convinced that the bill is an effort to find and silence people who oppose government policies and curb dissent. Russia’s president Vladimir Putin has been notorious in foreign media for aggressively promoting Russian nationalism and many experts believe that he is slowly transforming Russia into a police state, similar to the former Soviet Union.

When most corporations or government express concern over their cybersecurity infrastructure, it is implied that they protect their interests against outside aggression. However, in the case of countries like Russia, it is the government that people need to worry about. Having all the digital information about its people with little to no oversight can be worse than any cyber threat posed by foreign actors. When a hacker group gains access to personal information about people, it can perpetrate identity thefts, credit card frauds, financial crimes, etc. However, if a sovereign state without any sort of regulatory measures, oversight or checks and balances is able to collect its people’s data, it can effectively establish a police state and erode the privacy of the populace and put an end to individualistic opinions of people.

Democracy was conceived to keep power away from the hands of the few, but when a government chooses to implement a mass online surveillance program by curbing internet privacy and gathering information on the online activity of its own people, it is a definite step towards the end of democracy and the establishment of a totalitarian state. When people lose the right to criticize and question their leader, they lose something fundamental in their government. Citizens in such a country can be arrested without trial for criticizing or even making fun of their leaders online. This was actually the case last year when a Russian citizen was jailed for a month for a tweet that condemned the government.

The newly proposed bill could gradually reduce Russia’s internet traffic from being routed through servers outside the country. Such a move is definitely a step towards establishing comprehensive surveillance in Russia’s cyberspace.

We live in the internet age and each user generates data. All that data can be used to create a profile about a person and determine if that person would stir dissent among people.

When a government curbs online privacy, it is essentially putting a cap on fundamental rights and freedom of speech. It is nothing but state-sponsored cybercrime perpetrated on its own people on a nationwide scale.

Russia internet freedom: Thousands protest against cyber-security bill
Transforming the way businesses innovate and operate through a deep understanding of all aspects of information security

CyberQ Consulting Pvt Ltd.

Dr. Rajiv Nag, Chairman & Director

“CyberQ’s Security Assessment services help organizations in timely identification of vulnerabilities, evaluating the risk and taking of remedial measures to find and fix security vulnerabilities within their network.”

Modern day organisations have to face a lot of pressure to comply with regulatory requirements, strengthen their operations and performance, as well as improve their shareholder value. Moreover, the business environment has turned to be hyper-competitive making it extremely risky for organisations to afford ad-hoc security measures. In order to be able to protect their intellectual property and other sensitive customer and business information, firms need to have a comprehensive security strategy that closely matches business objectives.

CyberQ Consulting Pvt Ltd. is aimed at helping companies such as the ones described above. It is a company that is dedicated to offer the best in class security advice based on its in-depth knowledge, expertise and experience in providing security consulting services to clients from India and overseas.

CyberQ: A Class Apart

CyberQ has carved a niche for itself and has worked with some of the biggest names in the industry. While its strength lies in the skills and experience profile of key personnel, each one of its consultants are well experienced in their respective domains, with the average experience being around fifteen years. In addition to that, they also have extensive software development experience having worked in both India and abroad. Therefore, during training, the consultants are able to share real life experiences with the audience, making the interaction more meaningful. During consultancy, this reflects in practical and easy to use solutions without the rigors imposed by a purely academic approach.

CyberQ has several IT/Infosec experts with international certifications and a strong R&D team who continuously update themselves with the latest technology/tools to protect customers’ investments in IT infrastructure and Applications. As an organisation, CyberQ not only provides its security consulting services following rigorous processes and standards but also follows a stringent Information Security policy, especially in case of client related data and information.

In conversation with the founder, Dr. Rajiv Nag

Tell us something about the company.

CyberQ Consulting was founded in February 1997 in New Delhi, with the objective of providing process improvement and information security consulting services. Over the years, CyberQ has worked with some of the biggest names in the IT industry in all parts of the world. It has worked for over 650 clients spread over 24 countries.

Today, CyberQ is accepted as one of the leading players in the areas of IT Consulting, Software Quality (CMMi Consulting and Certification Services, Process definition, Training and independent audits), and Information Security Consulting/Audit services (Security Policy/Processes, Risk Assessment/Management, ISMS Implementation, Application and IT Infrastructure Security, Training, Compliance Audit).

Our past eighteen years’ experience in Information Security extends beyond 3,000+ man-months of Information Security professionals. We are empaneled with CERT-IN since 2005 and are also CCA Certified. We have professionals having experience in Information Security for over ten years.

Can you talk about your products and services in brief?

We offer the following services.

• Information Security
• Network Security (PT VA)
• Process Consulting
• GDPR consulting
• IT Infrastructure audits
• Mobile application security audits
• Consultancy and Audit Services in Information Security Implementations (ISMS/ ISO 27001)
• System Audit of Storage of Payment Systems
• Application Security Audit
• Implementing RBI guidelines for banks and NBFS

What do you feel are the reasons behind your service popularity?

The primary reasons are a) our commitment to customer satisfaction and b) our commitment to the quality of work we do. Both these, in turn, stem from the strengths that we derive from the professionalism and technical excellence of our people.

CyberQ tends to follow the OWASP guidelines which are a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.

Regarding IT Infra audit, Network Security / VA PT requirement, CyberQ follows Open Source Security Testing Methodology Manual (OSSTMM). CyberQ follows standards and practices and has experience of conducting audit in reference of IT ACT 2000. We are also ISO 9001:2005 and ISO 27001:2015 certified company.

Testimonials of Success

“CyberQ’s quality of deliverables and services is excellent and so was performance of CyberQ team during the assignment and they provided on time delivery (commitment to schedule). Overall, we are thoroughly satisfied of working with CyberQ and wish to have a long term relationship.” - Larsen & Toubro.

“We are proud to say that with consultancy from CyberQ Consulting, Perot Systems TSI (formerly known as HCL Perot Systems) has established the best security practices and processes to satisfy its business needs and meet the BS7799/ISO7799 requirements and it was successful in being certified as a BS7799 compliant organisation. The timeframe for the project was about 8 months and the project was completed without any time and cost overruns.” - Perot Systems.

“We are pleased to state that under the guidance of CyberQ Consulting, Rose IT Solutions Pvt Ltd is in the process of establishing the best security practices and processes to satisfy its business needs and meet the BS7799/ISO7799 requirements. The timeframe for the project is about 8 months and till now there is no time and cost overruns.” - Rose IT Solutions Pvt Ltd.

The Driving Force behind CyberQ’s Meteoric Rise

Dr. Rajiv Nag, Chairman and Director, CyberQ Consulting Pvt. Ltd.

Dr. Nag is the Chairman and Co-founder of CyberQ Consulting Pvt Ltd. He has held many senior management positions over the years. He was a Senior Advisor to KPMG India (2010-2012), Director, Asia Pacific and CEO, Bakst Asia Pacific Ltd., Hong Kong and General Manager (Systems), Bakst Indika Pvt Ltd, India from 1988-1996. His earlier jobs included Senior Manager (Systems), JK Technosoft, New Delhi, MIS Manager at Bhartia Cutler Hammer. He started his career in India in the IT industry in 1980 with Engineers India Ltd., New Delhi.

Dr. Nag specializes in Software process improvement and quantitative measurement initiatives. In his role as a CMMI/High Maturity Lead Appraiser and a well-known consultant and trainer, he has been among the first ten High Maturity Lead Appraisers in the world to be authorized by the Software Engineering Institute, USA.
The Role of AI and Machine Learning In Cybersecurity

Time and again, individuals and firms have to come across email spam and data breaches. Though there have been many advancements in the field of cybersecurity, we still do lack in our security systems. It’s been a long time since they have existed, and it’s not wrong to think that they should have reached their complete maturity by now and worked on every aspect to combat security threats.

However, in reality, the problems centered on cybersecurity will continue to remain for the entirety of our digital lives. Certain reports have stated that the number of recorded malware attacks in 2018 doubled to 5.99 billion compared with the cases that occurred in 2017. It is obvious that experts in the security domain would want the trend to shift in the other direction, but cybersecurity is more proactive than reactive. One major reason to support that is the advancement going on in machine learning, data science and artificial intelligence. Computers are getting smarter day by day thus ensuring the safety of our systems.

AI Algorithms Use Pattern Recognition to Detect Threats

Adding a strong layer of defense to your network and software is necessary, and that won’t be done by just switching to an AI based system because machine learning also involves harnessing data from the past and using it to your benefit in the future. In order for AI algorithms to work, they need to be exposed to months and months of activity logs. Eventually, they become capable of achieving efficiency at detecting threats and anomalies.

AI algorithms usually start by taking in the information required to set a baseline of normal performance and keep track of new events from there. The pattern thus developed from the calculation of new events helps the machine learning system to recognise a hacker or a threat to the system. One more thing that is important to consider, when it comes to cybersecurity, is time. Time is really of the essence! It wouldn’t take much time for a hacker to invade into a firm’s system and either steal critical data or hold it for ransom. Taking a situation like this into account, what can best describe the efficiency of any AI tool is its ability to recognise an attack at the earliest stages and send alerts to the right people.

There’s no doubt that cybercriminals will always be on the lookout for new ways of executing effective attacks, and as a result some have begun to leverage AI for their own purposes. This means that firms of all sizes have to invest in the best machine learning software in order to beat the competition and stay ahead of the game.

Cloud Integration

The way how companies operate on the web, to a large extent, is now governed by the cloud computing movement. Firms no more have to host servers and equipment in local offices or small data centres; instead of that, they can just take help of platforms like Amazon Web Services and Microsoft Azure and get their systems shifted to the cloud. However, this has proved to be both a blessing and a curse in the cybersecurity world.

With the advancements in cloud technology, companies have fewer pieces of physical hardware to worry about. But they surely have to be critical of putting their trust in cloud platforms that will contain all of their sensitive data. This, in turn, again generates a new range of potential threats and vulnerabilities.

The latest AI and machine learning systems are all based on software algorithms making it easier for firms to get them deployed across their cloud infrastructure and services. AI is finding its application in the best of antivirus tools for scanning through servers and finding instances of malware. The algorithms are smart enough to learn everything on their own and detect malicious software. When businesses have an intelligent system based on machine learning watching over their systems, every business of every size can be sure of a secure cloud environment and protect them against malware penetration. It is very tough to completely eliminate the risk, no matter what your cloud provider says, but one should always ensure the security of their applications and websites by their own means. This is where AI comes in to offer effective tools to do that.

Human Interaction Is Still Essential

Now the question to ponder upon is whether machine learning algorithms will have the capability to be so smart that they reduce the need for any sort of human input. This scenario will take some more time to happen because even the strongest AI cybersecurity tools that we know of need collaboration with the human world.

Currently, machine learning systems are being developed to be better and better at natural language processing and trend analysis. However, at the end of the day, humans still can do a better job at interpreting spoken and written text thereby adding much value to the efforts put in synthesizing the reports generated by AI. Generally speaking, it’s not sensible to let machine learning systems take control over the decision making process because AI is still not perfect at identifying cyberattacks. Therefore, humans need to be alerted in case of a threat, and they need to decide the next course of action.
In The Spotlight: Secure Application, an Information Security Based Consulting Firm, Leads the Security Space with Its Comprehensive Capabilities

Shylaja Chandrasekhar, CEO

As the modern day businesses get more and more dependent on networks to stay competitive in the market, they also become more vulnerable to cyberattacks. It has been witnessed that cyberattacks have been increasing at a steady pace year by year, and information security incidents and accidents have become a crucial issue that needs to be taken care of because of their potential to adversely affect an organisation’s business activities. This makes it absolutely indispensable for firms to double their efforts to counter such attacks. This is where Secure Application comes in with its unique experience and latest technology that completely caters to each and every vital security need.

Secure Application is one of the leading consulting firms in Information Security. It takes pride in being a leading independent firm and works closely with its clients to address their security concerns without disrupting their ability to do business.

In conversation with Shylaja Chandrasekar, CEO of Secure Application

Can you brief us about the history of your company?

Secure Application was started in the year 2005 with just five people performing application security testing for medium size e-commerce Sites. Now we have built a team of hundred employees who are working in different client locations and catering to the needs of customers for a variety of security solutions and services.

Secure Application is an international expert in cyber security and risk mitigation that works with businesses to protect their brand, value and reputation against the ever-evolving threat landscape. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionizing the way in which organizations think about cyber security.

How do you position your company in the current market scenario?

Secure Application is an independent provider of Information Security Architecture, Strategy and Solution Integration services to a number of leading global organizations and security vendors in both the public and private sector.

Our continued success is firmly based on the experience and capability of our people. Our consultants are highly accredited, and we invest heavily in training on an ongoing basis. We have strong foundations in a host of Information Security Architecture frameworks, IT Governance Methodologies and industry best practice principles, along with strong expertise in the selection, design and integration of solutions from a range of technical security vendors.

How do your products and service offerings benefit your clients?

With the growth in cyberattacks and data breaches costing millions every year to the business and public sector, cybersecurity is now high on the strategic agenda. By putting proper cybersecurity assessments and audits in place, organisations can define the right strategy and transformation program to protect their sensitive data and assets. This demand for speed leaves many organisations feeling that there is not enough time to spend on security, which increases the risk to their critical business applications.

Secure Application experts have unmatched experience in application/mobile security in general and testing specifically. Every test we execute is reviewed by a security expert that analyzes the results, reduces any false positives, and provides remediation guidance. In all but our most basic automated scan, a security expert will call your team to review the test and discuss the remediation guidance to help them fix what we find. Our core security services include:

• A smooth transition from internal to external security teams
• Develop a security roadmap unique to your organization
• Reduce the costs of robust cyber security measures
• Application security testing
• Penetration testing
• Mobile application security testing

How do you amalgamate latest technology with your business objectives?

Today, more than ever, successful technology executives must help their executive clients understand how technology fits into — or, even better, power in their business. CFOs are typically attracted to lower up-front costs and the ability to pay only for what you use. CMOs are typically looking to keep the company’s brand fresh and respond to changing market conditions.

Secure Application is part of making this shift, but most of the hard work at the executive level revolved around understanding each executive’s pain points, what they wanted to get out of cyber security, and aligning technology to help them meet their goals. Our new services include IoT security testing, mobile application security testing, cloud security consulting, and cyber security consulting. In addition, we are currently focusing more on the BFSI sector and ecommerce portals which deal with customer credit card data.

What would you say are the factors that differentiate you from others in the domain?

Our services are underpinned by its Core Values, which are:

• Costing
• Transparency and full legal compliance
• Ethicality in our information gathering and investigations
• Proportionality providing balance and relevance
• Support providing what the client wants as well as what the client needs
• Continuous development of staff and technological resources

What are your present and future focus areas?

We wish to build a strong presence in the cyber security market, and focus more on ‘CYBER SECURITY AS A MANAGED SERVICE’.

Knowing the Visionary

Shylaja Chandrasekar, CEO

After joining as a CEO in the year 2008, Shylaja has replaced founders and integrated $50m acquired business into mainstream global business while improving efficiency by 40%. Her leadership has scaled the company to be the largest security testing company in South India. Her ideas have created new businesses, bootstrapped several new products and services from the ground up into profitability that is collectively valued at $70m. She has been the driving force behind the company’s success through the combination of sound business practices, leadership and expertise related to growing business through developing services and around software products.

She has co-invented a new product platform and business model for eliminating efforts on post-sales support, enabling rapid product development and reduced 17% software warranty cost of multi-billion dollar product line over 3 years.

Shylaja holds an MBA in HR from the University of Madras. She has also completed her CISA in 2010.

“We are committed to staying on top of the latest technology in the security industry. Adopting the situation and analyzing the environment are the best tools taken by us to give customer support in all circumstances.”
Global Security Solutions Provider: SECUDE

SECUDE is an established global security solutions provider offering innovative data protection for users of SAP software. Founded as a joint venture between SAP and Fraunhofer Institute in 1996, SECUDE maintained a close SAP technology partnership and became a reliable resource for security solutions for the SAP market with ‘Single Sign-On’ for SAP, which was acquired by SAP in 2011. With a focus on making processes for data security and protection efficient and automated with little or no user interference, SECUDE’s goal is to minimize the cost of roll-out and operations.

SECUDE’s solutions are trusted by many Fortune 500 and DAX listed companies. With branches in Europe, North America, and Asia, SECUDE supports customers with the implementation of IT security strategies through a global network.

Solution Offerings

HALOCORE: HALOCORE is data security software that protects intellectual property and other sensitive information extracted from SAP systems. By integrating directly with SAP, HALOCORE protects data with automated classification, blocks unauthorized reports, and helps generate fine-grained access policies. This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC, or printed as PDF.

HALOCORE MONITOR:

HALOCORE MONITOR audits all exports and downloads of critical SAP data regardless of which egress point the data flows. Through pseudonymization, the audit log meets, by default, Works Council requirements. It is a key extension to the standard SAP Security Audit Log (SAL) and, furthermore, enriches the auditing data shown in SAP Enterprise Threat Detection (ETD) and SAP Digital Boardroom, especially as it audits all exports using an automated classification engine. Closing these GRC compliance gaps even during ‘firefighter’ activities, the module provides real-time insight into which sensitive data is at risk of leaving the SAP system and sends e-mail notifications in case of data leakage.

HALOCORE BLOCK:

HALOCORE BLOCK effectively prevents business-critical data and documents from leaving the protected SAP application and, thus, protects against accidental or intentional data leaks.

Directly integrated into SAP, it works based on the HALOCORE audit log at the source of all recorded data flows. Users without a corresponding SAP-authorized profile would not be able to download files. Furthermore, a granular, bespoke policy can be implemented using automated data classification, which tailors the control over SAP exports to the specific needs of organizations.

HALOCORE PROTECT:

HALOCORE, through its PROTECT module, extends the SAP access control shield for Intellectual Property (IP), Personally Identifiable Information (PII) and even Toxic Data and other sensitive data beyond SAP’s boundaries. HALOCORE intercepts the data being downloaded from SAP and applies fully customizable classification labels to the document metadata.

Additionally, HALOCORE is tightly integrated with Microsoft Azure Information Protection (AIP) and fully supports the implementation of Active Directory, Office 365, and Azure Active Directory. Using Microsoft AIP every document exported from SAP is automatically and efficiently encrypted at the server level before it arrives on any device. Using the automated HALOCORE classification engine, granular authorizations and user rights are assigned to sensitive data, allowing easy and secure exchange of documents between employees, partners or suppliers.

“Data is your IP. Protect it before it goes out of hand.”

Meet the Leader

Dr. Heiner Kromer, Chairman and Chief Executive Officer: Dr. Heiner Kromer is the Founder-Chairman of the Board of SECUDE AG. He brings over 30 years of experience as founder, partner, and CEO of high technology and consumer product companies. His experience and leadership powers SECUDE to be a force in the domain of SAP Data Security. He holds an Economics degree from the University of Erlangen-Nuremberg and a doctoral degree in Economics from the University of Zurich.

Message from the Chairman

Data is the ‘new gold’. This adage may be clichéd, but with concepts such as the Internet of Things, Big Data, Machine Learning, Artificial Intelligence and so on, being increasingly leveraged by industries worldwide, it couldn’t be truer! However, this also means that data, such as IP, is the most precious commodity for any business and one that must be protected against all threats – internal and external. In these days of heightened security challenges coming across in all forms, technology, and human, one cannot be too sure against the array of challenges. But, as our research and experience prove, the greatest is the human factor especially caused by the one weak link in the security chain (malicious or otherwise).

As an SAP user, you would be aware that your data resides in the heart of your business operations – your SAP ERP system. But most SAP users are unaware of a hidden danger – data leak due to uncontrolled user downloads and data flows in the background. Thus, there is a real need for solutions that monitor and block such leaks from SAP applications.

I assure you that when it comes to your precious data in SAP, you have come to the right place. With over twenty years of core SAP experience, we understand the nuances of this enterprise platform as no other. In fact, SECUDE’s origins are from SAP itself and have ever since maintained close technology partnership. Today, our solutions are trusted by many Fortune 500 and DAX listed companies.

-Dr. Heiner Kromer, Chairman, SECUDE
Modern Web Applications and Their Contribution to Handling Security in Enterprises

The recent years have witnessed a constant increase in the number of security breaches. News regarding such activities is non-stop, and therefore, organizations need to realize that they have to fundamentally rethink their approach to protect their applications and data. It has been found that a significant amount of the security issues have come from a new generation of attacks that specifically target application programming interfaces, which have resulted in infringements at firms like Panera Bread, T-Mobile, Verizon, etc. In addition to that, even Google and the United States Postal Service (USPS) have been known to show some major API vulnerabilities.

What’s alarming particularly is that breaches of these sorts are hard to detect; sometimes they go undetected for months together and even years despite the fact that organizations have deployed advanced security systems and practices that are meant to safeguard them. The problem lies in the dependence of organizations on security approaches that used to work in many environments earlier. But times have changed now. The situations that existed before are fundamentally different from the ones that are prevalent in organizations now. Therefore, a new security perspective is necessary. Firms can opt for modern SaaS, mobile, web, micro-services and IoT applications that offer a wide range of assets and security levels for different areas.

Applications Tend To Evolve With Time

In earlier times, the applications and data that had to be secured were very simple when compared to the present day applications. Back then, basic and simple security solutions did the job of keeping hackers at bay while also offering broad and unmonitored access to authorized users. Their major components of defense were WAFs or typical web application firewalls focused on perimeter protection and guarding against known or predictable attacks, and only that kept most of the hackers in search of undefended targets away.

But, with time, the way in which modern applications are built and deployed has evolved so that they can function effectively in both small and large organizations. Even application programming interfaces have multiplied across application environments to enable a greater access to a much broader range of users. At the same time, the quantity and sensitivity levels of the data generated and transmitted by applications have proliferated. Today, performing complicated tasks can be done by just using a laptop and mobile devices with web browsers. This means that processes that were required to be handled on the server side behind the firewall have shifted to the client side, making it more complex than ever.

Increasing Complexity in Applications Increases Opportunities for Hackers

Gradually, hackers have found out new ways to use the complexity and uniqueness of present day application structures to their advantage. And as every organisation and application has a unique vulnerability, this generation of security breaches can’t be identified by a signature. Moreover, it’s very tough for developers to think in the exact dubious ways that an attacker does as the expertise of a developer centres on functionality and not security.

Therefore, instead of expecting sound development practices aimed at nullifying security threats, protecting the modern environment with proactive ‘monitor and respond’ approach holds paramount importance. It’s completely unreasonable to have an approach that only focuses on secure perimeters and access controls.

The APIs that form the core of today’s applications are as complicated and one of a kind as the environments to which they connect, and in their unique logic is where hackers find vulnerabilities and take advantage. So an effective security approach for modern web applications might be the one that offers a clear comprehension of the activities that users normally tend to have as well as the location and way in which sensitive information is stored. To be more specific, this indicates that an effective security solution must help a firm to understand the unique logic behind each and every API at a granular level so that they can become capable of distinguishing possible pernicious behavior and stop attacks.

Developing New Approaches to Attain Application Security

Unfortunately, the conventional security measures lack the understanding of the unique logic of APIs at the granular level, and hence, fail to recognize regular user behavior from malicious user behavior. Organizations have made various attempts to address the potential vulnerabilities by testing or white hat hacking each API, but this is a long experimentation process that cannot match the speed and intricacy of the modern development cycles, not to mention the evolution of hackers.

So the most effective way to keep an attacker from exploiting unique API vulnerabilities is to keep track of API usage in a way that the security systems can distinguish the user initiating an action through an API, the target of that action and whether that action is appropriate for the user, the API and the application. This approach has the potential to identify the most subtle and advanced threats that are attempting to exploit unique features of an API or application to stage an attack or steal data. Web applications have come to evolve, and our security approach too needs to evolve to match up with its pace.
Providing a Barrier against Threats that May Harm your Mobile Endpoints: Zimperium

Companies can finally defeat mobile security problems such as device threats, network threats, phishing and application-based attacks with advanced machine learning. To provide a solution, Zimperium has helped define the market and it now stands as the #1 choice for Mobile Security Solutions & Mobile Threat Protection in the industry today.

Zimperium, the global leader in mobile device security, offers real-time, on-device protection against Android and iOS threats. The Zimperium platform leverages its award-winning machine learning-based engine, z9, to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps. To date, z9 has detected 100% of zero-day device exploits without requiring an update or suffering from the delays and limitations of cloud-based detection—something no other mobile security provider can claim. Headquartered in Dallas, TX, Zimperium is backed by Warburg Pincus, SoftBank, Sierra Ventures, Samsung and Telstra.

In conversation with Shridhar Mittal, CEO

What is the impact of cloud and big data on a company’s IT infrastructure and its security today?

As more resources and corporate information is moved to the cloud, it will be accessed by various endpoint devices. There are protections in place to ensure traditional endpoints are secure as part of the access, but very little if any protections are in place for mobile endpoints (i.e. phones and tablets). So the IT infrastructure, specifically mobile, must adapt.

Artificial Intelligence has been the buzzword, and it will continue to hit the stride. Do you think enterprises should embrace AI to drive much advanced cyber security?

It depends on what you’re using AI for, and what problem you are trying to solve. In the case of endpoint protection, AI makes a lot of sense. Historically, endpoint protection was accomplished through signatures - you had a large signature database and you compare that against potential threats looking for a match. The rate at which threats could morph as well as the volume makes this approach limited. Several new security companies adopted AI as their base platform to deliver better security for traditional endpoints and they are slowly replacing traditional endpoint security solutions. In the case of mobile, there is no legacy installed base to move from so you have the benefit of starting with AI-based mobile security which is perfectly suited for mobile given the overall signature issue and also some of the limitations you have on mobile that don’t lend themselves to large, overbearing security apps.

A security firm has two big responsibilities, one – to secure oneself from being attacked and two – securing other companies against attacks. The first one can be tougher than the second; how do you manage both?

Security is in our DNA so as we’re developing solutions for customers that are industry leading, we also apply the same mindset to our internal systems and IT environment.

Can you talk about your products and services in brief?

We have three primary mobile security solutions. zIPS is our on-device application that protects against all types of mobile attacks and is managed centrally through a Zimperium console and through integration with an MDM/UEM. It relies on the underlying z9 machine learning-based technology. zIAP is based on the same z9 technology but in an SDK form factor for easy integration to mobile applications. The integration takes less than 10 minutes and delivers the same protection against various mobile threats. The benefit of zIAP to the customer is there is 100% adoption, as the mobile security is incorporated into any app update through the app stores. Lastly, z3A is our Advanced Application Analysis. z3A has analyzed millions of applications and the over 5,000 that are added each day to the app stores. The analysis gives IT organizations insight into the risk level of apps for privacy and security so they can make informed decisions on whether to allow those apps into their environment or not.

What do you feel are the reasons behind your service popularity?

We solve a real problem that organizations have. Mobile devices are the new endpoint and the favourite attack target of hackers. We protect the new endpoints with a positive customer experience at both the end user and administrative level.

How does your company contribute to the global IT security platform at large?

Mobile devices represent 60% of the endpoints in an organization. Getting visibility into those endpoints is critical. The visibility is often integrated into the global IT security platforms of SIEMs or MDMs.

Do you have any new product/service ready to be rolled out into the market?

We continue to evolve our existing products as well as lead the industry in new and innovative solutions.

Where do you see your company in a couple of years from now?

Mobile security is a key piece of the enterprise security ecosystem, and Zimperium will continue to lead the mobile security market through innovation, customer service and strategic partnerships.

“We are currently scaling various regions and aiding our customers by providing real-time on-device defense solution against known and unknown mobile threats”.

The Face of the Organization

Shridhar Mittal | CEO

Shridhar is the CEO of Zimperium. Previously he was the GM of the Application Delivery business unit at CA Technologies (CA), where he was responsible for creating the DevOps vision and establishing CA as a leader in the high-growth space. At CA, Shridhar ran a global organization and led the acquisition of Nolio. Shridhar came to CA with the successful $330M acquisition of ITKO. Prior to ITKO, Shridhar had an 11-year career with i2 Technologies in various roles including pre-sales leadership, sales leadership, and various marketing and general management positions. He finished his career with i2 as the Chief Marketing Officer.
The Standard Security Perils Associated With the Modernisation of Network

With the increased adoption of cloud services, SD-WAN adoption is booming, thereby reducing the use of traditional corporate network models. SD-WAN offers the promise of lower capital expenditures and cut an organisation’s ongoing operational and management costs by around a half when compared to the traditional hardware-based approaches. It also boosts up the network efficiency.

However, there is one area where SD-WAN is deficient in, i.e. advanced security functionality. According to a statement from the research firm Gartner, most of the SD-WAN vendors support basic capabilities such as stateful firewalling and VPN, but they still have to depend on security partners for advanced functionalities such as intrusion prevention system, malware analysis and sandboxing. For that, it recommends organisations to deploy integrated and dynamic threat protection for multiple cloud connections at the cloud’s edge and the customer’s Internet/WAN gateway points. Let’s take a look at the widely recognised security pitfalls that pose a threat for SD-WAN deployments.

Leaving Traffic without Inspection

Sometimes, users don’t have any idea about the configuration of their networks. As a result, the internet-bound traffic that leaves directly from satellite offices in certain SD-WAN architectures is not inspected. In many other cases, it so happens that the traffic is intentionally let to leave without any sort of inspection so that the MPLS backhaul could be reduced.

Moreover, there are a significant number of cases where the traffic under inspection lacks critically important firewall and endpoint protection capabilities like intrusion prevention, SSL decryption and malware detection and response. Consequently, malware and other attack vendors will find it easy to compromise the security in remote sites thus infiltrating avenues for threats to reach and propagate inside an organisation.

Lack of Proper Scrutiny at Endpoint Threats

Presently, hackers prefer to conduct lateral attacks that spread from infected endpoints across the network. This has come to become a widely preferred technique by most hackers. As soon as they infiltrate the network, they use their malware in order to find other vulnerable devices and exfiltrate data. However, lateral threats can be contained and stopped from spreading further if systems possess the capability to detect and quarantine compromised devices.

Inadequate Network Segmentation

It’s a tough job to secure traffic between workstations or other endpoints. Whenever a threat or malware compromises a workstation, it’s not long before the problem affects other endpoints throughout the organisation as well. Network modernisation implementations need to have the visibility that offers them a look into the traffic and segmentation aspects in order to contain threats as soon as they enter the network.

Expanding the Area of Security Surface

As many SD-WAN products and services are devoid of better security capabilities, firms need to add multi-factor authentication along with next-generation firewalls and endpoint protection. They also need to take care of their branch offices and mobile workers by adopting cloud-based firewalls, strong VPN, and authentication protocols. With SD-WAN, firms can avoid backhauling traffic to headquarters and route them to the internet instead of branch offices thus ensuring reduced security risks and encrypted network connections.
Explained: 360 Enterprise Security Group Provides Users with Multi-Level, Multi-Dimensional, and Systematic In-Depth Defense Solutions to Ensure Truly Effective Security

New laws are taking effect across the globe to regulate the collection, use, retention, disclosure and disposal of personal information. At the same time, the rate of cyber-attacks, data breaches and unauthorized use of personal data is growing exponentially. In the current environment, it is more important than ever, particularly for those organizations handling financial data, health information and other personally identifiable information, to understand the rights and obligations of individuals and organizations with respect to personal information.

In view of the above-mentioned scenario, we’re delighted to present 360 Enterprise Security Group.

360 Enterprise provides new-generation security products and security services for the government and enterprises. The Group has integrated 360’s technical, human resources, products, data and service capabilities in the field of security. With “protecting the security of the large data age” as its mission, “data-driven security” as its technical idea, and data collection and analysis as its support, 360 Enterprise has launched a number of innovative security products and security services urgently needed by enterprise-class customers. From cloud to terminal, from the business to the data, from individuals to businesses, from before events to after events, the Group provides users with ubiquitous protection, and it not only focuses on specific security threats protection but is more committed to building enterprise information security ecological environment. In today’s cloud computing and large data age, the group provides users with multi-level, multi-dimensional, and systematic in-depth defense solutions to help them improve the comprehensive response to new security threats and ensure truly effective security.

360 Enterprise Security Group was established in 2015 and is headquartered in Beijing, China.

360 Enterprise Security Group: Synopsis

360 Security Innovation Center

360 Security Innovation Center, built by the world’s largest Internet security company 360, and with the world’s elite talent and top technologies, has established three major research institutes: The National Network Security Research Institute, Enterprise Network Security Research Institute, and Personal Network Security Research Institute. Representing the most forefront network security thinking, the most advanced security technology, and innovative security products in China’s network security industry, it is an Asia-Pacific network security innovation center with global influence.

360 ESG Internet Control Gateway

360 ESG Internet Control Gateway (ICG) is a professional Internet behavior management product. It provides a powerful web filtering, application control, outbound information audit, and application-level bandwidth management.

Prevent and Block Malicious Network Activity –
• Detect and pinpoint network/traffic anomaly, take proactive action in real time
• Block access to sites associated with spyware, phishing and malicious mobile code
• Block communications initiated by malwares like Trojan, Spyware, and Virus

Protect confidential information from leakage –
• Monitor the outgoing traffic, including web, email, IM, etc. for compliance auditing
• Monitor files transferred through FTP, HTTP, MSN, QQ, and Email
• Alert and Block the unauthorized outgoing messages

Manage User Network Activity and Employee Productivity –
• Provide comprehensive monitoring and analysis to evaluate employee productivity loss due to non-work-related network activities
• Control 4,000+ protocols and applications, including P2P download, IM, Streaming media, online Gaming, brokerage and trading
• Enforce policy according to user, application and content

Ensure Business-Critical Application’s needs for bandwidth –
• Provide visibility of network traffic, composition and trends so as to setup appropriate traffic control policies
• Guarantee bandwidth required for critical applications
• Limit or block the bandwidth-consuming/harmful applications to avoid traffic congestion and resource waste

Integrates Seamlessly with Existing Infrastructure –
360 ESG ICG supports multiple deploy topology, it is simple to deploy within your existing infrastructure; there is no need to duplicate security appliances or re-architect the network infrastructure.
• Mirror Mode: ICG on mirror mode sniff network packets without affecting the normal transmission
• Inline Mode: this mode can be able to achieve precise control of each kind of network applications, a complete audit of all Internet data. ICG provides multiple internal ports and external ports, to act as multiple bridges at the exit of the enterprise network between the edge router and core-switch

Simplifies Management and Administration –
ICG is simple to configure and manage, providing:
• Centralized Management: allowing multiple appliances to be administered via Security Management Center technology (SMC), including system performance monitoring, health monitoring, configuration backup and scheduling and configuration synchronization
• E-mail Alerting: configuring logs to trigger alerts that can be immediately forwarded via email or sent at intervals to designated network administrators
• Syslog Reporting: supporting remote syslog servers to enable reporting
• SNMP Support: enables monitoring and management by 3rd party devices via the SNMP standard

Corporate Vision

Our corporate vision is to comprehensively enhance security protection ability and level of the Chinese government and enterprises and build a reliable network environment for economic development. Current corporate customers face unprecedented security challenges, which cannot be tackled effectively by traditional security means. 360 Enterprise Security Group uses innovative means of Internet+ such as big data analysis to help the Chinese government and enterprises better respond to security threats.

Qi XiangDong, Chairman & CEO

“360 Enterprise Security Group takes ‘protecting the security in the big data era’ as the mission, ‘data-driven security’ as technical thinking, and big data collection and analysis as support to provide escort and protection for enterprise users.”
What Does Securing Big Data Platforms Mean in Today’s World?

Ever since big data has come into use, the amount of information managed by enterprises has skyrocketed. Data volumes have been constantly expanding and firms want to extract value from the data in order to tap into the opportunities that it contains. But due to its centralised nature, it creates new security challenges. Also, big data deployments pose as valuable targets for attackers.

When big data is subjected to ransomware attacks and data infiltration, organisations will have to go through severe losses. Therefore it is critically essential to secure big data platforms and in order to do that, a mix of traditional and latest security toolsets along with intelligent processes to monitor security is needed.

The Challenges and Pitfalls in Big Data Security

Securing big data throws many challenges on the path of organisations. These challenges are not limited to just on-premise big data platforms but also pertain to the cloud. When it comes to hosting the big data platform in the cloud, firms shouldn’t take anything for granted; instead they should work in close association with their providers and have strong security service level agreements. Some of the typical challenges on the way to securing big data are mentioned below.

• The relatively new technology of advanced analytic tools for big data and non-relational databases are difficult to protect with security software and processes
• Data is sometimes mined by big data administrators without prior notification or permission.
• The size of big data installation is way too huge for routine security audits
• Though security tools can protect data ingress and storage, they still fail to create the same impact on data output to multiple locations
• When the security processes are not regularly updated, firms remain at the risk of data loss and exposure

Big Data Security Technologies

Big data security technologies have been existing since a while, and there’s nothing new about them. However, they have evolved to have a better ability and scalability to secure different types of data in different stages.

• Encryption: Firms have to depend on encryption tools to secure data in-transit and at-rest across massive data volumes. These tools also need to be capable of working with different analytics toolsets and output data.
• Centralised Key Management: This is one of the best practices to ensure data security. Usually used in environments with a wide geographical distribution, centralised key management involves on-demand key delivery, policy-driven automation, logging, abstracting key management from key usage, etc.
• User Access Control: Firms need to invest in strong user access control to automate access based on user and role-based settings even if the management overhead gets high. That’s because practicing minimal control can lead to disastrous effects on the big data platform.
• Intrusion Detection and Prevention: IPS enables security admins to protect the big data platform from intrusion, and in case the intrusion attempt succeeds, the IDS quarantines the intrusion before any significant damage.
• Physical Security: The importance of physical security systems shouldn’t be ignored. It can control the access of data by strangers as well as staff members who don’t have the authority to be in sensitive areas.
Focusing on the Attacker Rather than the Attack: Illusive Networks

Agile approach stops cyber attackers before they stop you.

Illusive brought together top cyber-attack specialists and pioneering cyber technology entrepreneurs with decades of collective experience in cyber warfare and cyber intelligence. It was built to tackle what has been a significant and urgent problem for cybersecurity practitioners—the challenge to stop Advanced Persistent Threats (APTs) and other advanced attacks that bypass security controls and silently gain access to organizations' most risk-sensitive and business-critical digital assets.

Given the frequency of successful targeted attacks, it decided not to continue with old approaches and expect to get different results. A new approach is needed. Illusive looks at the problem from the perspective of the attacker and exploits the attacker's weakness. As fire needs oxygen, attackers, once they have found their way into a network, need reliable data that will lead them toward their target. By saturating the environment with deceptive information, Illusive creates a distorted reality that the attacker cannot confidently navigate. It's a solution that disrupts the attacker's operations without disrupting yours. The company provides tools that help security teams detect and resolve advanced attacks, to prevent cyber incidents from becoming business crises.

Deceptions in Financial Services

Financial institutions are among the most high-value targets for attackers who "follow the money" and those intent on systemic disruption. Despite the vast resources financial institutions devote to cybersecurity, one challenge has been especially difficult to solve: the challenge to detect and stop APTs before real damage is done.

Deceptions in Healthcare and Life Sciences

Whether your organization provides healthcare services, health insurance, or cutting-edge medical devices and therapies, health information systems have become increasingly digital, interconnected, and consumer-driven. In the process, they've also become attractive targets for data theft, identity theft, and insurance fraud. Worse, as the recent spate of ransomware attacks has shown, cyber attacks on healthcare institutions can also disrupt vital services. The impact: loss of patient trust, significant financial losses, regulatory scrutiny—and above all, the risk to patient safety.

Deceptions in Legal Services

Mergers and acquisitions, SEC filings, corporate restructuring, litigation, patent applications, employee contracts—everything important happens with legal counsel. Law firms traditionally have been underinvested in security defences, so they are easy targets for advanced cyber attackers. In many cases, law firms are much easier targets for attackers than the firm's clients themselves.

Deceptions in Manufacturing

With relatively little PII and payment data to protect, many manufacturers have felt relatively safe from the cross hairs of attackers. However, cyber attackers see things differently. With large investments in Intellectual Property (IP) and the evolution of Industry 4.0, manufacturers have become attractive targets.

Today's smart manufacturing relies on connected networks for manufacturing operations, production asset management, maintenance, and field service. Internet of Things (IoT) devices are critical components of smart manufacturing processes for collecting, aggregating, and delivering data. Complex connected networks and IoT devices—plus extended supply chains—create vast opportunities for attackers to make their way in. Once embedded in the network, it may take an attacker weeks or months to find what they're after, but if they get to critical systems, catastrophic damage can be done in an instant.

Deceptions in Retail

Retailers maintain troves of customer, payment, card holder, purchase history, and other data that are irresistible to attackers. From department store and big-box brands to grocery and restaurant chains, retailers have one thing in common: a vast and growing attack surface.

Digital transformation and automation of supply and distribution chains have moved order-taking, payment processing, inventory management, and marketing operations online. Cloud infrastructure helps preserve razor-thin margins but also expands the security perimeter. "Smart" shelves, RFID merchandise trackers, wireless POS systems, and a growing number of smartphone apps designed to improve customer experience add infinitely more avenues of potential entry for attackers. Customer trust and loyalty separate retail winners from losers, so while there is an increasing risk of downtime and data breaches, cyber incidents can also have a greater business impact than ever.

"Attackers have one fundamental weakness: they must make decisions — hundreds of them — during the attack process. We starve them of the credentials and connections they need for lateral movement. We surround them with deceptions so they can't tell truth from fiction. One wrong decision... and it's over. Your defenders have rich forensic insight to act. The attackers are caught. You win."

Moving Towards Success with the Company

Ofer Israeli, CEO & Founder

Having pioneered deception-based cybersecurity, Founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defence. Prior to establishing Illusive Networks, Ofer managed development teams based around the globe at Israel's seminal cybersecurity company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical Quantum Mechanics. Ofer holds B.Sc. degrees in Computer Science and Physics from the Ben-Gurion University of the Negev.
Trend Micro, The Global Player in Cybersecurity Now Announces its Launch of MDR services Through Channel Ecosystem

Trend Micro is one of the players that has achieved a lot in the cyber security solutions industry. It held its annual Channel Partner Day event in Gangtok, Sikkim. The event ran for three days, and many business leaders were part of it: CEOs, directors of many organizations, and major decision-makers took part. Attendees saw an engaging session on the changing security landscape in India. Furthermore, the event clearly showed that there is a lack of skill set. Many organizations and individuals are yet to tap into the world of security and develop a solution for these advanced hackers and data pirates. Securing the world against data exploitation has become a major priority for today's generation.

To solve these problems, many companies showed an updated program and ways to tackle such threats. Trend Micro is one such company, and it is developing momentum around the TrendSetter Channel Rewards Program that was launched in the previous year. The firm wants to incentivize its channel partners' sales. It also seeks to incentivize the technical team for the strategic solutions they offer.

Nilesh Jain, Vice President of Southeast Asia and India at Trend Micro, said that the company has always thought of itself as a channel-focused company. That is why it is trying its level best to deliver its solutions through channels. Channel partners of Trend Micro are certainly considered to be a great asset and the reason for Trend Micro's success. That is why the company has plans to do more with them and is trying to build an ecosystem where the firm can leverage its channel partners' security operations centres (SOCs). Furthermore, existing capabilities will also be enhanced, the working culture will be improved, and innovative solutions will be delivered to customers. In the end, the major goal is to grow alongside the channel partners and create a winning situation for both.

During the event, Trend Micro officially said that it will be providing managed detection and response services in India. Managed Detection and Response (MDR) is an outsourced service for enterprises that are seeking to deepen their threat hunting or investigation capabilities. The company also mentioned the shortage of cybersecurity professionals in India, for which MDR is a solution. It will aid in the augmentation of the company's security team by providing external expertise and resources. This will allow many to proactively hunt for stealthy threats in the IT environment. This is the only way to avoid data breaches and also stop threats at an early stage. Organizations should be doing this, as it is the only way to avoid losing confidential data.

Trend Micro India Annual Channel Partner Day event in Gangtok & Sikkim

The Vice President also shared the roadmap of the future focus areas for this year for the Indian project. Apex One is included for endpoint security, along with cloud security for firms that operate in a hybrid cloud environment. Through the use of MDR, network defence, more visibility through connected threat defence and virtual patching can be done.

Trend Micro has also seen tremendous growth in endpoint detection and response (EDR) and MDR in India. With this, it has even closed a few large enterprise deals around the country. Trend Micro's connected threat defence solutions are being used by almost 33 out of 40 large banks in India. Seven of the top energy companies are also relying on the same. Further, the top five IT enabled services (ITES) companies are currently using Trend Micro's hybrid cloud security solutions. The major telecommunication companies are not behind; they are also using the best network security and email hosting security solutions from Trend Micro.

Trend Micro is further expanding its certification program in IT security (CPITS). It is a fully sponsored certificate that will last for two months. It intends to upskill people, and the program is said to launch in its Bangalore office or training facility. Bangalore's training facility is considered to have state-of-the-art infrastructure, which means the best quality of knowledge will be provided here by the company. Eventually, through this, people can take advantage of the advanced systems engineering job opportunities that are budding in the IT security industry.
Achieve Faster and More Secure Product Development with Secure Code Warrior

Secure Code Warrior was co-founded by Pieter Danhieux and Matias Madou, two globally recognized security experts. Through their combined security experience as developers, researchers, trainers, and consultants, Pieter and Matias had experienced the negative impact of insecure code and were frustrated by the industry's focus on finding vulnerabilities, rather than fixing or preventing them. Both recognized that improving secure coding skills and outcomes would add a powerful layer of cyber protection for companies and would help them make better, faster code. Developers didn't need to become security experts, but they could be empowered positively to be the first line of defense for their organization.

The team pioneered an innovative approach to improving secure coding skills and outcomes that is simple, scalable and positive, for both development and security teams. The team is driven by the knowledge that measurable improvements in security compliance, consistency and predictability will be matched by better quality and speed of code writing. And that creates an environment in which everyone can enjoy spending more time building, and less time fixing!

Why Secure Code Warrior

With Secure Code Warrior, clients can empower their developers to code securely, achieving rapid improvements in security compliance and consistency, as well as enhancing the quality and speed of code writing. The more clients' teams use the tools in its platform, the better they'll become at coding securely and the less time and money will be spent on fixing bugs.

• One must embed security from the start, saving time, money, and resources in the software development lifecycle

• A powerful and measurable layer of cyber protection for in-house or outsourced developers can be added

In a world that depends on software, developers need to be the first line of defense for any company's security strategy.

• The secure developer skills shortage can be mitigated

• Clients can give their organization a competitive edge

• Clients can equip their developers with skills and tools to succeed

Solution Offerings

Secure Code Warrior is a proven suite of secure coding tools within one powerful platform that moves the focus from reaction to prevention. The platform trains and equips developers to think and act with a security mindset as they build and verify their skills, gain real-time advice, and monitor skill development.

Training: Secure Code Warrior's platform enables developers to view their progress throughout their journey. They can see which challenges they have completed, their strengths and weaknesses, time spent on training, and their accuracy. The gamified aspect of the platform offers hints and allows developers to earn points and collect badges, with anonymized leaderboards for teams.

The company is constantly expanding and updating the platform. Its platform currently has hundreds of short challenges, covering over 50 common vulnerabilities, including the OWASP Top 10. It is also constantly updating its suite of languages and frameworks, and creating new challenges daily.

Tournament: Tournament on the Secure Code Warrior platform allows organizations to run competitive and engaging events that get the whole developer community involved. Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. All challenges are based on the OWASP Top 10, and players can choose from a range of software languages to compete in the tournament, including Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django, Scala Play, and Node.JS. Throughout the tournament, developers will earn points, and they can watch as they climb to the top of the leaderboard and are crowned the 'Secure Code Warrior.'

Sensei: Sensei works by keeping every member of the team on the same page, filling the gaps in security knowledge without requiring tedious knowledge-based updates and referencing. It enables developers and AppSec to capture their knowledge in a best practice or code guidelines and automatically distribute that knowledge to the development team. Sensei provides an efficient solution to prevent vulnerabilities, empowering developers to write secure code from the very beginning. This puts an end to time-consuming and expensive fixes later in the software development lifecycle.

Sensei also offers defense against vulnerabilities that already exist within the code. Upon detecting an issue, Sensei highlights it while offering the developer a pre-defined fix. This allows developers to swiftly and consistently correct an issue across the company without referencing the in-depth research on how to remedy that particular problem.

"We help you in building a positive security culture that reduces conflict between security and development."
Pieter Danhieux, CEO, Director, & Co-founder

Meet the Leader

Pieter Danhieux, CEO, Director, and Co-founder: Pieter Danhieux is a globally recognized security expert, with over 12 years' experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider) and awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association), and he holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, and GCIA certifications.
Why it is important for smartphones to be completely secure

Smartphones have become integrated with people's lives. Using smartphones, it is now completely possible to access all the data that once required a desktop computer. Every single internet service is now offered through mobile applications in addition to desktops, and numerous service providers have done away with desktop-based services altogether.

Whether it is a mobile phone, tablet or a desktop, it is data that hackers are after. More and more working professionals today access corporate data from their smartphones. This results in a huge opportunity for cybercriminals to gain access to sensitive data and cost a company millions in damages. While most of the commonly available phones have protection against malware, there are numerous ways in which dedicated hackers can still