Security threats to our networks have become more lethal because cyber criminals are using the latest tricks and updated breach mechanisms to attack us. The Integrator Magazine has taken a deep dive into a market analysis of how these latest security attacks are happening and what combat plans the industry has.
Dependency on ICT has grown significantly. The phenomenon of hyper-convergence has led to the challenge of complexity. But ICT security threats have remained the biggest challenge for technocrats.
Security threats to our networks have become more lethal because cyber criminals are using the latest tricks and updated breach mechanisms.
Malware, insider threats, and ransomware – the ways in which cybercriminals can attack a company’s network and exploit vulnerabilities are vast. But some attack factors are bigger risks than others, and some have the potential to wreak more havoc than others.
Giving a perspective on today’s market scenario, Harish Chib, Vice President Middle East & Africa for Sophos, said, “We understand that cyber criminals are graduating from one level to another. In order to deal with the latest threats Sophos has taken a big step towards next-generation security. Organizations of every size know they need endpoint security and network security – they are two foundational pillars of any IT security strategy. But for too long, these two product segments simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability.”
Communication between IT security solutions for the endpoint and the corporate network is crucial. The world of IT security has become even more complex and more difficult to manage for enterprises of all sizes, so it is time for a new approach to IT security solutions.
Giving a perspective on the changing mindset of cybercriminals, Ray Kafity, VP of META FireEye, commented, “In order to understand the status of cyber threats we must understand how the cyber criminals are changing their mindset. The conventional cyber attack strategies have now changed and the cyber attacks have become more dangerous as the attackers have adopted newer techniques for cyber attacks.”
The Zero Day Attack Syndrome
“A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware which can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves no opportunity for detection at first,” said Ray of FireEye.
The latest zero-day attacks and evasive malware represent the biggest and latest security threats, with social engineering attacks and insider threats following behind.
Commenting on the latest security trends and new techniques used by hackers, Saeed Agha, General Manager of Palo Alto Networks, said, “A Palo Alto Networks survey at Ignite 2015, our annual gathering of cybersecurity top influencers and professionals, uncovered the cybersecurity pain points and specific risks which feature among the top concerns. In the age of ‘Internet of Things’, prevention is the only viable path forward. At Palo Alto Networks, we believe that our prevention-based approach to securing enterprise networks ought to be applied to every industry that deals in Internet-enabled products and devices.”
Agha added, “When every organisation starts to think of their business, taking into consideration the potential IoT, and breach prevention, this might look like a bigger challenge, but eventually this approach will provide far more value.”
Commenting on the latest zero-day attacks, Shahnawaz Sheikh, Distribution Channel Director META, Eastern Europe of D Software, stated, “Zero Day Attacks have been around for many years but have risen in the last year or so. This year we saw many cases of Zero Day Attacks, especially the espionage attack campaigns targeting Government websites or watering hole attacks targeting the legitimate websites which millions of users visit regularly. By targeting those selected few legitimate sites, their aim is to infect millions of users with malware. In many cases the application vendors are responding in a timely manner to prevent attacks on any possible vulnerabilities that exist. The better approach towards safeguarding from zero day attacks is to protect your networks, cloud and applications with multilayered security, or to patch the fix in a timely manner, or to unplug some troubled plug-ins or applications.”
Sharing his perspective on this issue, Nicolai Solling, Director of Technology Services at Help AG, said, “We are also seeing a shift in mentality. Typically whenever we would talk about network security there was an obvious focus on the corporate network and attached devices such as PCs and servers. However the explosion of smartphones and the increasing usage of cloud-based services have meant that malware is now more frequent on these types of platforms. Due to the growth of processing power and bandwidth, these devices will also become more and more interesting for the attackers and, for instance, botnets and DDoS attacks. This too has caused the industry to re-evaluate its approach and extend protection beyond traditional security measures.”
Effect of Latest Security threats in the Middle East Region
Middle East customers are always trying to adopt the latest trends, leaving legacy solutions behind. Trends like cloud and data center virtualization, BYOD and mobility, SDN and cyberthreats are top of mind everywhere we go. None of those trends can be successfully adopted without a mature security strategy in place. Agha of Palo Alto Networks said, “Our goal is to enable the region’s businesses to effectively run their business, maintain complete visibility and control of their network, and confidently pursue new technologies. Most importantly, Palo Alto Networks will help protect business from the most basic to sophisticated cyberattacks, known and unknown.”
The lack of a proactive security strategy puts a business or government in reactive mode, firefighting but incapable of intelligence, analysis and prevention of cyberattacks. The costs of such an approach are high (expensive incident response teams, for example), yet it enables neither prevention nor the restoration of valuable data after an attack.
“We urge organizations and government entities to invest in security technology that offers both detection and prevention, as well as actionable intelligence that goes beyond a ‘data dump’ and identifies which alerts to prioritize and next steps to take.” Agha of Palo Alto also added, “It is worth mentioning that the new malware count is in the tens of thousands every day. The ability to address unknown threats in an automated, integrated and preventive way across all the enterprise is now paramount. In other words, being able to stop the worst from happening, whether it’s a known or unknown threat and in whichever form it takes, across the whole enterprise regardless of device type, content type or location is the biggest challenge for organizations here. Our enterprise security platform enables this.”
“The Middle East region has a very high density of computing devices. The Internet is being consumed on smartphones, PCs and tablets. Hence the zero-day vulnerability cannot be ruled out. In the last two years, we have witnessed 29 zero-day attacks. The threat levels are serious, and the positive news is that FireEye have developed a security from these zero-day attacks,” Ray of FireEye said.
The Next Generation UTM Console
Commenting on the evolution of network security through UTMs, Help AG’s Nicolai said, “One of the greatest evolutions in the market, which actually spun off a whole new technical term, was the introduction of the Palo Alto Networks product line, which changed the way we consider UTM services, or the services that UTM solutions should deliver. The traffic flow controllers in these devices make decisions based on the application and then apply the advanced security features in parallel instead of in a sequential manner as was the case with the pure-breed UTM devices. This approach means that performance, which has traditionally been a major concern with UTM devices, does not suffer when applying the security features.”
Today most of the industry is trying to copy this approach to packet processing in order to be at par with this market leader in innovative technology.
Explaining the market evolution of the UTM console, Shahnawaz of D Software added, “It’s been years now, and the UTM market has evolved to be a mature market with technology awareness and adoption across the various segments of the market. However, the difference between awareness and adoption in the various countries of the Middle East could be marginal between each other. With the growing concern over security threats in some sectors like Banking/Finance, Oil and Gas, and Government, these customer segments are strengthening their defense and investing to build a secure business environment.”
Shahnawaz also explained the key drivers of Next Generation Firewalls. He said, “The Next Generation Firewalls are providing multiple layers of protection, unifying into one single solution to combat and mitigate threats of various types. As this unified approach helps organizations minimize or eliminate any excess cost and management burden, this helps them in defining the right ROI with comprehensive security at minimal TCO. The threat intelligence of UTM/Next Gen Firewall does not involve extensive involvement of customers’ resources or their skill sets to keep up the security. The multi-layered concept of UTM/Next Gen Firewall helps eliminate complexities at the engineering level, bringing in technology which is almost plug and play.”
One of the primary drivers for the adoption of UTM is consolidation. As security needs have become more and more complex, there is a requirement to consolidate some security features applied at the network level. Nicolai further said, “This consolidation is performed not just in order to optimise cost, but quite interestingly the consolidation of services actually enhances visibility into threats without correlating events from multiple devices.”
Harish of Sophos also spoke about his organization’s preparedness for next-generation security offerings. He said, “We know that the market is evolving, hence the latest version of our UTM hardware series has up-to-date versions of Sophos Cloud, Enduser Protection Bundles, SafeGuard, Sophos Mobile Control, Sophos Email Appliance and Sophos Web Appliance. We also have Cyberoam’s future-ready network security with its wide range of Next-Generation Firewalls and UTMs. These solutions offer a comprehensive solution to corporate users of all sizes.”
UTM and NGFW solutions offer a very strong value proposition to customers while still guaranteeing a very robust security model. With ROI being the prime focus of many CIOs and IT decision makers in the region, this makes for a very strong business case that is causing the market space for these solutions to grow. Furthermore, because of the evolution of the threat landscape, it would not be very wrong to say that the classic firewall platforms are almost obsolete today.
Chasing the Next level security
The next level of Network Security in my opinion is about collaboration and integration of adjacent technologies that can help businesses optimize their investment, resources, management burden, complexities etc. As the concept of UTM is more mature today, the fast adoption of cutting edge is not just in enhancement of this technology but also at the same time collaborating and adjacent technologies to give more effective and efficient way to manage end-to-end security with total control, visibility and simplicity.
Outlining Palo Alto’s plans to combat the latest security threats, Saeed Agha said, “Palo Alto Networks is working with some of the most demanding industries to ensure their data and critical infrastructure remains safe from targeted cyber attacks. These organizations have learned firsthand the power of a next-generation security platform when it comes to safely enabling the use of all applications, maintaining complete visibility and control, and confidently pursuing new business ventures, while protecting the organization from the latest cyber threats. Our natively integrated platform brings network, cloud and endpoint security into a common architecture, with complete visibility and control, so your organization can detect and prevent attacks. This next-generation enterprise platform streamlines day-to-day operations and boosts security efficacy, and the one-of-a-kind, multi-layered defense model prevents threats at each stage of the attack lifecycle.”
Palo Alto Networks recently acquired CirroSecure, and with this acquisition the company has enabled organizations to embrace SaaS as an extension of their IT infrastructure without security concerns. Aperture, Palo Alto’s latest addition to the security platform, was developed as a direct result of this acquisition.
Commenting on the future of network security, Nicolai of Help AG added, “In Help AG we talk to our customers about the concept of the zero-trust network architecture. In its simplest sense, it means that we cannot trust anyone anymore. The three most basic principles of the model are: secured access for all resources regardless of location; stringently applied ‘least access’ control; and fine-grain monitoring and logging of all network traffic. The zero-trust model calls for the segmentation of infrastructure, and the creation of logical security zones, with more emphasis being given to having central security capabilities for controlling traffic between the zones.”