Post-Event Report: Help AG Security Spotlight Forum, June 2019

Security Spotlight Forum (SSF) is Help AG’s flagship cybersecurity event at which we get attendees up-to-date on the latest innovations in various aspects of cybersecurity, while also providing an excellent platform for networking among our partners and customers. It also gives us an opportunity to engage closely with our customers, understand their pain points and recommend the appropriate solutions and services according to their requirements.
The theme for the latest edition of SSF, held in June 2019, was The Power of Integration. Through the various sessions, conducted by some of the region’s leading cybersecurity experts, we shared how cybersecurity is growing smarter and more efficient through the use of integrated platforms and orchestration capabilities. We also covered how user behavior analytics creates higher fidelity events which are risk-focused instead of the traditional event-based approach. In addition, we also shined our spotlight on a key, but often overlooked, capability in the creation of any zero-trust architecture, which is controlling, managing and governing privileged accounts.
While there’s nothing quite like being there yourself, we thought it beneficial to share some of the key takeaways from these informative presentations.
Help AG: Managed Security Services – Because the Best Technologies Also Need the Best Processes
We live in a sophisticated, interconnected, global ecosystem. Traditional security controls are no longer enough to protect critical assets. By engaging Help AG Managed Security Services, our customers address their most pressing cybersecurity needs by having 24/7 access to protection against real-time threats in a fast-changing threat landscape; improved security posture to reduce the risk of compromise, better control of security expenses with manageable, budgeted costs, elimination of the pressure and difficulty of finding, training, and retaining knowledgeable security personnel, and of course compliance with regulatory requirements to avoid potential penalties.
Our current portfolio comprises

• 24/7 Managed Detection and Response
• Managed Security Controls (Managed WAF, Managed NGFW, Managed DLP, Managed NGAV)
• Managed Vulnerability Assessment
• Managed Threat Intelligence
• Endpoint Detection and Response
• Add-ons like Advanced Services Retainer Forensics, IR, Assessment of Security Control Configuration.

The focus of this session was to highlight that which technology can enhance efficiency, it doesn’t always come in-built with the processes and procedures for its optimal utilization and efficacy. A good MSS provider enables better understanding of your security events, their impact, the context around those events along with monitoring of critical assets 24/7, all year long.
Palo Alto Networks: Transforming Cybersecurity
Securing a digitally transformed enterprise requires consistent protection, tight integration, accuracy and automation. The Palo Alto Networks’ security strategy comprises three pillars- Secure The Enterprise, Secure the Cloud (Prisma), and Secure the Future (Cortex).
Prisma gives customers what they need to consistently govern access, protect data, and secure applications. The suite consists of four key components: Prisma Access, Prisma Public Cloud, Prisma SaaS, and VM-Series.
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture, blending enterprise-grade security with a globally scalable network. Prisma Public Cloud provides continuous visibility, security, and compliance monitoring across public multi-cloud deployments. Powered by machine learning, it correlates data and assesses risk across the cloud environment. Prisma SaaS is a multi-mode cloud access security broker (CASB) service that safely enables SaaS application adoption. VM-Series is the virtualized form factor of the Palo Alto Networks NGFW that can be deployed in private and public cloud computing environments, including AWS, GCP, Microsoft Azure, Oracle Cloud, Alibaba Cloud, and VMware NSX.
The Palo Alto Networks Cortex platform unleashes a consumption model based in Software-As-A-Service (SaaS), that allows customers to dynamically engage apps to solve a nearly boundless number of the most challenging security use cases with the best technology available.
Highlighting the power of integration, Palo Alto Networks explained how one can obtain comprehensive endpoint data from Traps, including every file update and creation, process names, file hashes and path, registry changes, and CLI arguments, if applicable in Traps 6.0. One can then also get threat intelligence such as malware verdicts from WildFire. Customers can upload their own threat intelligence data to the Cortex XDR user interface, too. In the future, this will be made even more flexible, to seamlessly integrate with third-party feeds. And PANW automatically stitches all this data together to get the context needed to detect & investigate threats.
Demisto: Confession of a Former SOC/Threat Analyst
Patrick Bayle, CISM CISSP, Systems Engineer at Demisto, a Palo Alto Networks company, spent his first ten years of employment working for one of the largest financial institutions in the world during which time his responsibilities included threat hunting and investigations. He then spent four years working for a multi-national Security Integrator wherein his duties included implementing three Security Operation Centers (SOCs) from scratch for three different businesses.
During this session Bayle detailed the challenges all SOCs face as well how organizations are now streamlining SOC processes using automation. He went on to explain how with Demisto, SOCs could achieve significant reduction of risk, removal of blind spots, improved efficiency, greater staff retention, removal of plausible deniability and maximization of security investments.
Demisto Enterprise is a comprehensive Security Orchestration, Automation, and Response (SOAR) platform that combines full case management, intelligence automation, and collaborative investigation into a single console. Demisto ingests aggregated alerts from detection sources (such as SIEMs, network security tools and mailboxes) before executing automatable, process-driven playbooks to enrich and respond to these alerts. These playbooks coordinate across technologies, security teams, and external users for centralized data visibility and action.
According to Gartner’s research, by year-end 2020, 15% of organizations with a security team larger than five people will leverage SOAR tools for orchestration and automation reasons – up from less than 1% today. As this market matures, Gartner draws attention to the clear convergence among three previously relatively distinct, but small, technology markets – Security Orchestration and Automation, Security Incident Response Platforms (SIRP), and Threat Intelligence Platforms (TIP).
Exabeam: The Future of SIEM. Today
Exabeam Security Management Platform (SMP) empowers enterprises to detect, investigate, and respond to cyberattacks more efficiently so their security operations and insider threat teams can work smarter—not harder. Exabeam helps security teams save money on logging, improve threat detection, and increase analyst productivity. The Exabeam security data lake combines a modern big data infrastructure and predictable user-based pricing so you can collect and quickly search all of your data sources in a central repository without making compromises due to lack of scalability or budget.
Exabeam detects complex insider threats using user and entity behavior analytics (UEBA). This approach to threat detection reduces false positives and eliminates the maintenance overhead that traditionally results from the use of static correlation rules. UEBA not only identifies risky anomalies, it also recreates entire attack chains using Exabeam’s Smart Timeline technology.
Smart timelines automatically fill in the missing holes in log data with automated host to IP mapping.  This happens in real time, from millions of logs from thousands of users and machines which are constantly changing their IP addresses. The result is that while other SIEMs are making timelines from incomplete datasets, Exabeam can work from complete datasets and use those data sets to track activity wherever it goes in an environment.
Exabeam Security Management Platform (SMP) has approximately 300 integrations with IT and security products to help your analysts work smarter – providing inbound integrations with data sources from vendors to easily allow you to ingest as much data as possible; and SOAR integrations with 3rd party vendors to help you automate and orchestrate your security response.
Proofpoint: Reducing Risk with People-Centric Security
In this session, Martin Blackhurst of Proofpoint detailed how the threat landscape has fundamentally shifted. For the past few years now, attacks have been targeting people, not infrastructure. The move to the cloud is intensifying that trend. Threats today are not only targeting people, they are also activated by people.
Proofpoint focused on how understanding who your VAP (Very Attacked People) are is more than just checking a top malicious email recipient list. Proofpoint customers with TAP (Targeted Attack Protection) can see specifically which attacks their end users are receiving and which end users are most attacked. Often this data is very surprising, indicating that a company’s most attacked people might not be who you would expect.
TAP offers the most effective advanced threat protection solution on the market. It detects known and unknown threats in email (phishing attacks) that use malicious attachments and URLs. The quality and quantity of Proofpoint’s threat intelligence is key to its product efficacy. Predictive sandboxing is a unique feature in TAP that protects people before they click.
The TAP dashboard allows you to view forensic information across the entire attack chain and download reports, with all data in real time. The level of detail that TAP provides far surpasses many other solutions in the market. TAP can be deployed quickly, either in the cloud, or as an on-premises virtual appliance or hardware appliance, to protect people anywhere they work or access their email. This means protection is delivered on and off network, regardless of device they use.
Blackhurst also described how Proofpoint security awareness and training leverages industry-leading threat intelligence and learning science principles to deliver the right education to the right people at the right time to create your last line of defense, your end users.
BeyondTrust: Delivering Identity Based Zero-Trust Computing
Securing and managing Privilege Access is a tough problem to solve and it is only getting bigger and more difficult. According to Gartner’s Top 10 Security Projects for 2019, Privilege Access Management (PAM) is first on the list of priority security projects for organizations that have already adopted all basic security measures. BeyondTrust solutions disrupt the Cyber Attack Chain.
BeyondTrust delivers visibility and control across 3 main areas: Privileged Assets, Privileged Accounts, and Identities. The BeyondTrust PAM Platform is an integrated solution that provides visibility and control over all privileged accounts and users. By uniting the broadest set of privileged security capabilities, the platform simplifies deployments, reduces costs, improves usability, and reduces privilege risks.
BeyondTrust Password Safe unifies privileged password and privileged session management, providing secure discovery, management, auditing, and monitoring for any privileged credential. Password Safe enables organizations to achieve complete control and accountability over privileged accounts. Endpoint Privilege Management, powered by PowerBroker and Avecto, eliminates unnecessary privileges and elevate rights to Windows, Mac, Unix, Linux and network devices without hindering productivity.
The Final Word
As always, our SSF proved to be the perfect platform to showcase how the Power of Integration in cybersecurity can help them enhance security efficacy, improve operational efficiency, and help deliver highly secure business-enabling IT initiatives.
If you couldn’t make it, we hope this summary gave you a little insight into how leading cybersecurity companies are advancing the field. And I hope that it has also served to get you excited to attend our next edition. We look forward to seeing you there and until then, stay connected to Help AG Middle East through our social media channels, LinkedIn and Twitter for all updates related to our solutions, services, cybersecurity trends, expert insights and events.