PLUS Fortinet Rolls out Next-Generation Firewalls to Deliver Intent-based Segmentation /06 www.smechannels.com india’s leading IT magazine for channel business VOLUME 09 | ISSUE 12 | PAGES 44 | FEBRUARY 2019 | RS 20/- SME CHAT / 19 Unistal: Our products are designed to prevent data leakage and provide protection against various SECURITY /22 FORTINET: Preparing for Cyber Threats in 2019 SECURITY /24 Check Point: Check point’s infinity architecture provides gen v security securing assets of organizations THE CHANGING IT SECURITY LANDSCAPE ONE SUPPLIER, TWO SUPPLIERS, THREE SUPPLIERS FOUR… FINDING THE RIGHT SECURITY PARTNER can sometimes feel like a never ending children’s game One for small business, another for mid-sized and yet a third for my large enterprise customers Fortinet is the only company that offers the full range of solutions that are needed in today’s environment, solutions that seamlessly scale from small business to large enterprise The Fortinet Security Fabric architecture ensures that organizations of all sizes can equally be protected without compromise Fortinet is there for you with no need for any games For details contact: North: Sanjeev Tyagi, E-mail: styagi@fortinet.com, M: +91 98105 00157 South: Binu Ninan, E-mail: bninan@fortinet.com, M: +91 98400 36767 West, East, Central: Navin Mehra, E-mail: nmehra@fortinet.com, M: +91 98925 60700 FORTINET SECURITY FABRIC A Security Architecture that’s Broad, Integrated and Automated www.fortinet.com/whyfortinet PLUS India Most Digitally Mature Country in the World: Dell /06 www.smechannels.com india’s leading IT magazine for channel business SECURITY/20 SECURITY/36 CYBER AWARENESS EMERGING CYBER SECURITY CHALLENGES – NEW THREAT LANDSCAPE SECURITY /39 WAYS TO PROTECT YOURSELF FROM CYBER CRIMINALS WHEN SHOPPING ONLINE MY EXPERIENCE EDITORIAL LOOKING BEYOND BOUNDARIES SANJAY MOHAPATRA sanjay@smechannels.com We just started our 2019 journey of events from Bangladesh The event is Enterprise It World and Infosec Foundation Global Security Symposium & Cyber Sentinel Awards 2019 A great experience to it because after doing some events in overseas market – specially in Dubai, we were under impression that it is the only exciting market in the APAC region but amazing Bangladesh growing at nearly 8% more than any other country – courtesy garment exports of the country, manufacturing of generic medicines and growth of banking sector among others But along with growth the country is seeing huge cyber attacks from the hackers Therefore, opportunity of doing business in Bangladesh is also great Bangladesh is the second largest exporter of garments to the global market after China, it has huge manufacturing units of generic medicines, it is also becoming stronger in contact center and call center services Bangladesh has also embarked upon strong digital journey It means ICT market in Bangladesh is on rise I was speaking to Mr M A Mannan, Honorable Minister, Ministry of Planning, Republic of Bangladesh about the country’s stride on it path He expressed his happiness that a journalist is taking interest in Bangladesh economy He quipped, “You invest in our country, we will give you all support whatsoever to make your business successful… take all profit and give a very little profit to us But I assure you that if you invest $1 dollar, we will offer you opportunity of $2 dollar We have a huge skilled population to help you Do not be worried.” My sense is our neighbour wants to compete with India which is really healthy can be another land where our partners and principals can explore It is only 45 minutes flight from Kolkata and food habit is like India You won’t feel like out of the country except the airport is little crowded Bitdefender Endpoint Security Solution BITDEFENDER ‘GRAVITYZONE ULTRA SUITE’ is a complete Endpoint Security solution that uncovers and stops elusive threats with Detection and Response (EDR) that works GravityZone Ultra integrates layered next-gen endpoint protection and easy-to-use EDR platform to accurately protect enterprises against even the most elusive cyber threats It offers prevention, automated detection, investigation and response tools so enterprise customers can protect their digital assets and respond to these threats GravityZone Ultra excels where most products are too complex and resources intensive GravityZone Ultra sharply limits the number of incidents requiring manual analysis, reducing the operational effort required to run an EDR solution SPECIFICATION: IT PROTECTS DESKTOPS, LAPTOPS, SERVERS (PHYSICAL AND VIRTUAL) AND MAILBOXES SERVERS SHOULD ACCOUNT FOR LESS THAN 35% OF ALL UNITS FINAL WORDING: Overall, the Software uses adaptive-layered architecture that includes endpoint controls, prevention, detection, remediation and visibility OVERALL RATING SME CHANNELS FEBRUARY 2019 contents Trusted Advisor of Channel Business VOLUME 09 ISSUE 12 2019 JAN ER COV RY STO Publisher: Sanjib Mohapatra Editor: Sanjay Mohapatra Associate Editor: Deepak Singh Sub Editor: Aritra Ghosh Designer: Ajay Arya Assistant Designer: Rahul Arya, Deepak Kumar Web Designer: Vijay Bakshi Technical Writer: Manas Ranjan Satya Sagar Sinha Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Nidhi Kujur, Priyanka Circulation and Printing: Panchanan Bhoi SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 / 8587835685 sanjeev@smechannels.com Bangalore #28/1, 3rd Floor, Sri Lakshmi Krupa, Near Shamanna Park, Model House Street, Basavanagudi, Bangalore - 560004 Ph No +91 88618 21044 Mumbai Tahmeed Ansari 2, Ground Floor, Park Paradise, Kay-Bees CHS Ltd.,Opp Green Park, Oshiwara, Andheri (west), Mumbai - 400 053 Ph +91 22 26338546, Fax +91 22 26395581 Mobile: +91 9967 232424 E-mail: Info@smechannels.com Kolkata S Subhendu BC-286, Laxmi Apartment, Kestopur Kolkata-700101 Phone: 9674804389 THE CHANGING IT SECURITY LANDSCAPE /26 Data security continues to become complex with the each passing day, but many companies have the propensity of softpedal the risks EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993 editor@smechannels.com Bangalore Bindiya Jadhav #28/1, 3rd Floor, Sri Lakshmi Krupa, Near Shamanna Park, Model House Street, Basavanagudi, Bangalore - 560004 Ph No +91 88618 21044 E-Mail bindiya@ accentinfomedia.com Skype ID: b1diyajadhav CASE STUDY MATRIX / 31 ”A MANUFACTURING GIANT IN MAHARASHTRA TRUSTS MATRIX VIDEO SURVEILLANCE FOR 24X7 SECURITY” SECURITY / 40 ”Threat Hunting - Need of the hour!” SECURITY / 38 DESIGNED BY ”The Need for Standardization in Digital Services Delivery” Printed, Published and Owned by Sanjib Mohapatra more inside Editorial ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 03 Place of Publication: 6/101-102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-46151993 / 41055458 Printed at Karan Printers, F-29/2, 1st Snippets ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06 floor, Okhla Industrial Area, Phase-2, New Products ~~~~~~~~~~~~~~~~~~~~~~~~~~~~41 Delhi 110020, India All rights reserved No part of this publication can be reproduced without the prior written permission from the publisher Subscription: Rs.200 (12 issues) SME CHANNELS All payments favouring: Accent Info FEBRUARY 2019 Media Pvt Ltd SNIPPETS PRODUCT | CHANNEL | CONSULTING | SERVICES for more log on to smechannels.com India Most Digitally Mature Country in the World: Dell According to the latest Dell Technologies Digital Transformation Index, India is the most digitally mature country in the world However, businesses in India still have a lot of work to Leaders in India are more aware of the need to prioritize digital transformation throughout their organization: 91% of the business leaders believe that digital transformation should be more widespread, compared to78% globally Almost half (48%) (51% globally), believe they’ll struggle to meet changing customer demands within five years Dell Technologies, in collaboration with Intel and Vanson Bourne, surveyed 4,600 business leaders (director to C-suite) from mid- to large-sized companies across the globe to score their organizations’ transformation efforts The study revealed that emerging markets are the most digitally mature, with India, Brazil and Thailand topping the global ranking In contrast, developed markets are slipping behind: Japan, Denmark and France received the lowest digital maturity scores “In the near future, every organization will need to be a digital organization, but our research indicates that the majority still have a long way to go Organizations need to modernize their technology to participate in the unprecedented opportunity of digital transformation The time to act is now” says Michael Dell, chairman and CEO of Dell Technologies Fortinet Rolls out Next-Generation Firewalls to Deliver Intent-based Segmentation Fortinet has announced its new high-performance FortiGate Next-Generation Firewalls (NGFWs), comprised of FortiGate 3600E, FortiGate 3400E, FortiGate 600E and FortiGate 400E Series, enabling organizations to implement Intent-based Segmentation into their security architecture SME CHANNELS FEBRUARY 2019 Intent-based Segmentation allows organizations to achieve granular access control, continuous trust assessment, end-to-end visibility and automated threat protection In addition to delivering Intent-based Segmentation, FortiGate 3600E offers 30Gbps threat protection and 34Gbps SSL inspection performance FortiGate 3400E offers 23Gbps threat protection and 30Gbps SSL inspection performance FortiGate has a longstanding trajectory of earning NSS Labs Recommended ratings in the Next-Generation Firewalls group tests given its high SSL inspection performance with minimal performance degradation as one of the reasons “The new FortiGate 3400E and 3600E Series provide industryleading threat protection and SSL inspection performance allowing customers to implement a holistic end-to-end architecture” says Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet SNIPPETS Sestek Becomes Avaya DevConnect Technology Partner Sestek, a provider of speech-enabled smart technologies, has become an Avaya DevConnect Technology Partner Through direct R&D engagement, deep product integration, and strong support relationships, the Avaya DevConnect ecosystem delivers a wider range of technology options for Avaya users to drive their business forward and provide value to their customers, from ready-made solutions validated for interoperability to custom-tailored applications By joining the Avaya DevConnect Program, the two companies will explore uses of Sestek’s advanced technologies with Avaya’s leading communications platforms Sestek will develop enhanced applications for Avaya platforms to provide customers with end-to-end solutions that address the evolving business challenges posed by digital transformation Avaya’s DevConnect Program is intended to drive expansion of the open and agile Avaya application ecosystem so that more fully formed solutions can be delivered through its platforms The program is designed to deliver more customer-centric outcomes for technology buyers, who can be confident that they are gaining access to the most advanced and innovative technologies they need to deliver solutions across the business NetApp Powers Ducati’s Team for the 2019 MotoGP Championship NetApp confirms second year as official sponsor for the 2019 MotoGP World Championship NetApp will renew its official sponsorship of the Ducati Team in the 2019 MotoGP World Championship, enabling the digital transformation of motorcycle racing The new Ducati MotoGP team was presented officially on Friday, January 18, in Neuchâtel (Switzerland) Data-driven technological developments on the racing bikes will boost the performance of factory riders Andrea Dovizioso and Danilo Petrucci, supported by test rider Michele Pirro As a data-driven company, Ducati began its partnership with NetApp last year to take advantage of the full potential of data in racing within the Ducati Corse division It recently expanded the partnership to analyze vast amounts of data throughout its business, including in logistics, marketing and customer relationship management Through the partnership, NetApp’s engineers are working closely with Ducati’s IT team to optimize their data fabric and meet the motorcycle manufacturer’s unique, rapidly expanding data storage and data management needs SME CHANNELS FEBRUARY 2019 Cryptominers Hit 10x More Organizations than Ransomware in 2018: Check Point Check Point has published the second instalment of its 2019 Security Report It highlights how the tools and services used to commit cyber-crime have become democratized, with advanced attack methods now available to anyone willing to pay for them, as part of the growing ‘malware-asa-service’ industry The Security Report reveals the key cyber-attack trends observed by Check Point researchers during 2018, and shows the significant growth in stealthy, complex attacks designed to stay below the radar of enterprise security teams It also shows the types of cyberattacks which enterprise IT and security teams’ rate as the biggest threats to their organizations Cryptominers infected 10x more organizations than ransomware in 2018, but only one in five IT security professionals were aware their company’s networks had been infected by mining malware Array Contributes to Smart Cities Mission MY POINT “NEVER HAVE WE SEEN CUSTOMER EXPECTATIONS OR TECHNOLOGY CHANGING AS RAPIDLY AS IT IS TODAY, WE ARE THRILLED TO BE ADDING THESE PROVEN ENTERPRISE LEADERS TO ZENDESK SO WE CAN HELP MORE COMPANIES AROUND THE WORLD TRANSFORM THEIR CUSTOMER EXPERIENCES.” MIKKEL SVANE, ZENDESK FOUNDER AND CEO Array generates $5 million revenue from smart cities projects, targets $9Mn by 2019 Array Networks is supporting ‘100 Smart Cities Mission’ initiated by the Union Government of India The company has been involved in various stages of implementation for multiple cities namely Nagpur, Ahmedabad, Davengere to name few Smart cities projects have contributed to Array growth rate in 2018 of 40% By the end of 2019, Array aims to be part of 20 more smart cities and targets on keeping the growth momentum Smart infrastructures and smart Data Centers (DCs) are at the core of smart cities and they manage, coordinate, and rationalize the resources demanded Array has assisted in devising futuristic data centers for smart cities by introducing unique concepts such as Hyperconvergence in networking into the DCs Their advanced security solutions are designed with network security protocols like ECC It enhances application security, and provides complete visibility into various threats and performance inhibitors, allowing organizations to make informed and proactive security decisions Array’s hyper converged solution stack include ADC, Web application firewall , DDoS , Web vulnerability scanner , SSLi & Array MARS Visibility & analytics tool SNIPPETS Bosch Opens Center for Data Science and Artificial Intelligence Aspire Systems acquires UAE-based iApps and the Oracle Business Unit of Valforma The Robert Bosch Center for Data Science and Artificial Intelligence was inaugurated at the Indian Institute of Technology Madras Bosch will invest 20 crores over five years in the center The mission of the new center is to create societal impact through multidisciplinary interactions with government, academic, research and industrial collaborators on core challenges in Data Science (DS) and Artificial Intelligence (AI) The RBC-DSAI will undertake foundational research in many areas of AI and Data Science, including deep learning, reinforcement learning, network analytics, interpretable machine learning, and domain aware AI The areas of activity include research projects, knowledge management and dissemination, outreach projects, and setting up collaborative facilities and laboratories Aspire Systems, announced the 100% acquisition of iApps, an Oracle Fusion Cloud specialist, based in UAE In addition, Aspire is also acquiring the Oracle Business Unit from Valforma Technology Services Private Limited iApps is an Oracle Platinum Cloud Standard Partner with deep expertise in Oracle Fusion ERP, HCM CX, Oracle PaaS and Omni-channel Contact Center The acquisition of iApps and Valforma will help Aspire service mid-size and large enterprises in their move to the cloud from on-premise applications These acquisitions also enable Aspire’s focussed effort to address the postmodern ERP strategy that involves surrounding core ERP solutions with best-in-class cloud solutions to enable faster processing, better collaboration and easier-to-use analytics Aspire’s global customers will now be able to leverage the Oracle Fusion Cloud expertise of iApps and Valforma combined with the highly specialized Cloud & Digital Services capability that Aspire offers In addition, the capabilities of iApps and Valforma will also help Aspire develop cloud-based IPs including iEstate, iAutodealer, iPublish, iQuote, and iEnergy which are industry-specific Oracle Fusion Cloud implementation accelerators GLOBAL IT SPENDING TO REACH $3.8 TRILLION IN 2019 EXECUTIVE MOVEMENT DigitalOcean has appointed Barry Cooks as chief technology officer All Segments Forecast to Exhibit Growth in 2019 Despite Recession, Brexit Threat Table Worldwide IT Spending Forecast (Billions of U.S Dollars) 2018 SPENDING 2018 GROW (%) 2019 SPENDING 2019 GROWTH 2020 SPENDING 2020 GROWTH (%) (%) DATA CENTER SYSTEMS 202 11.3 210 4.2 202 -3.9 ENTERPRISE SOFTWARE 397 9.3 431 8.5 466 8.2 DEVICES 669 0.5 679 1.6 689 1.4 IT SERVICES 983 5.6 1,030 4.7 1,079 4.8 1,399 1.9 1,417 1.3 1,439 1.5 3,650 3.9 3,767 3.2 3875 2.8 COMMUNICATIONS SERVICES OVERALL IT SOURCE: GARTNER (JANUARY 2019) 10 SME CHANNELS FEBRUARY 2019 mjunction has appointed Vinaya Varma as Managing Director and CEO of mjunction services limited, Sophos has appointed Gavin Struthers as its regional vice president for Asia Pacific and Japan Agrahyah Technologies has roped in Naveen Kallur as Business Head COVER STORY “SOME ATTACKS WHICH TARGET THE IOT ARE LIKELY TO BE COMPLEX AND DIFFICULT TO DEFEND AGAINST” AVINASH GARG , DIRECTOR, CHANNELS & ALLIANCES, FIREEYE, INDIA “WITHOUT A STRONG SECURITY AND DATA RECOVERY POLICY ORGANIZATIONS REMAIN VULNERABLE TO WANNACRY’S IN FUTURE THIS IS SURE TO ESCALATE TO DATABASE AND APPLICATIONS, FURTHER MAKING OUR LIFE DIFFICULT” SHIBU PAUL, VICE PRESIDENT – INTERNATIONAL SALES, ARRAY NETWORKS The biggest driver of security spending in India is likely to be very public, highly damaging incidents which raise awareness, and the possibility of new regulations to strengthen compliance requirements Cloud migration continues to ramp up in India with many enterprises moving to cloud India will lead globally in hybrid cloud usage and adoption over the next two years, says the Nutanix Enterprise Cloud Index report “In this context, the spending by Indian enterprises in securing their cloud environment would see an acceleration this year,” says Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro Cybersecurity will never be solved, because the cybercriminals will never stop trying to find and exploit vulnerabilities With the advent of growing awareness about security, the IT security industry will continue to grow in 2019 The government initiatives like Smart City and Safe City projects have triggered a huge demand for security hardware such as CCTV cameras, storage and solutions such as 30 SME CHANNELS FEBRUARY 2019 cloud and AI “As the IT business is growing through stagnancy, security is the next growth destination, channel partners should head to In 2019, we will see channel partners expanding verticals and stepping into the security area for better ROI and sustainable business in a big way,” says Rajesh Goenka, Director, Sales & Marketing, RP tech India Cybersecurity is affordable when compared to losing your business If sensitive data is compromised, businesses faces huge loss not just the business but also the customers “Hence, it important to invest in Cyber Security rather than taking the risk,” says Zakir Hussain FINALLY In 2018, cybersecurity was more widely accepted as a board level topic and senior executives became more aware about its impact on achieving business goals and brand protection Looking toward 2019, boards will want to see objective measurement and validation of program effectiveness and will continue to bring on “IOT (INDUSTRY OF THINGS INTERNET OF THINGS) HAS PRODUCED DIFFERENT WAYS TO INTERACT AND EXCHANGE DATA WHICH MAKES IT EASY FOR THE HACKERS TO TAKE ADVANTAGE OF THE SITUATION AND GAIN ACCESS TO ALL THE INFORMATION THAT IS BEING EXCHANGED ONLINE” ZAKIR HUSSAIN , DIRECTOR, BD SOFT independent cybersecurity advisors or add team members with experience in cybersecurity Cybersecurity was listed as one of the top three areas of increased technology investment where it is seen higher spending in 2019 than in 2018 Further evidence is in the increase in security spend as a percentage of total IT spending While still a fraction of total IT spend, security is on the rise, representing 6.2 percent in 2017 vs 5.6 percent in 2015 Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business “Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation (GDPR) are driving continued growth in the security services market Security and risk management has to be a critical part of any digital business initiative,” says Zakir Hussain CASE STUDY A MANUFACTURING GIANT IN MAHARASHTRA TRUSTS MATRIX VIDEO SURVEILLANCE FOR 24X7 SECURITY PROJECT HIGHLIGHTS: l 350+ Cameras at 13 Locations l Centralized Viewing from Single Location l Years of Service Support Warranty l Industry: Manufacturing COMPANY PROFILE: A Manufacturing giant in Maharashtra has the distinct mark of making India’s 1st Diesel Engine and Iron Mold Ploughs The company’s legacy dates to 1922 This company is the reason behind a new wave of industrialization in some of the towns in Maharashtra while preserving their rich heritage CHALLENGES Large Area to Monitor - The company is spread across a wide area employing more than three thousand people Being an established and trusted brand, maintaining quality is crucial and therefore, every area needs to be under surveillance For this reason cameras producing good quality image and can cover a greater area for monitoring was the requirement Centralized Control - The company is divided into various branches which are located at various places in Satara This gave rise to the need for a centralized solution at a centralized location from where all other sites can be monitored at a time SOLUTION OFFERED To cover the large monitoring area, Matrix provided IP Bullet and Dome Cameras that have greater Field of View when compared to other brands According to the requirement, various cameras were installed at different locations such as reception area, canteen, security area, entrance, production area, etc These cameras also provide exceptional low light images which aid in providing high-class security For storing the streamed videos, Matrix offered Network Video Recorders These NVRs have features such as Adaptive Recording which aid in storing more data in a dened space Moreover, it has Intelligent Video Analytics such as Intrusion Detection and Motion Detection which were also applied Instant notifications and alerts ensured real-time security of the premises RESULTS: l Centralized Control l 24X7 Real-time Surveillance l Higher Security with Intelligent Video Analytic ABOUT MATRIX Established in 1991, Matrix is a leader in Security and Telecom solutions for modern businesses and enterprises As an innovative, technology driven and customer focused organization, the company is committed to keep pace with the revolutions in the Security and Telecom industries With around 40% of its human resources dedicated to the development of new products, Matrix has launched cutting-edge products like Video Surveillance Systems - Video Management Software, Network Video Recorder and IP Camera, Access Control and Time-Attendance Systems as well as Telecom Solutions such as Unified Communications, IP-PBX, Universal Gateways, VoIP and GSM Gateways and Communication Endpoints These solutions are feature-rich, reliable and conform to the international standards Having global footprints in Asia, Europe, North America, South America and Africa through an extensive network of more than 2,500 channel partners, Matrix ensures that the products serve the needs of its customers faster and longer Matrix has gained trust and admiration of customers representing the entire spectrum of industries Matrix has won many international awards for its innovative products SME CHANNELS 31 FEBRUARY 2019 SECURITY REETWIKA BANERJEE, (MBA IN CYBER SECURITY CERTIFIED DLP ADMIN (SYMANTEC & RSA), CLOUD SECURITY AUDITOR, ISO 31000 RISK ASSESSOR, ISO 27001 LI, PIMS WITH GDPR LI, PCI DSS LI AUTHOR’S BIO REETWIKA BANERJEE IS A PROFESSIONAL CYBER SECURITY EXPERT, PRESENTLY ASSOCIATED WITH ACCENTURE AS THEIR ENTERPRISE DATA PRIVACY CONSULTANT HER PRINCIPAL ROLE IS TO ADVOCATE SENIOR MANAGEMENT ON HI-TECH CYBER SECURITY THREATS AND HOW TO PREVENT CONFIDENTIAL DATA LEAKAGES OUT OF THEIR ORGANIZATION’S NETWORK SHE IS ALSO AN INTERNATIONALLY AWARDED AUTHOR HER LATEST BOOK ‘CYBER SECURITY AT YOUR FINGERTIPS’ WAS RELEASED AT THE NEW TOWN BOOK FAIR 2018 BY EMINENT JUDGE (RETD.) OF BANGALORE HIGH COURT MR GAUTAM RAY AND SENIOR ADVOCATE OF CALCUTTA HIGH COURT MR BIMAN SAHA TO CHASE HER PASSION AND EDUCATE COMMON PEOPLE ABOUT SECURITY THREATS, NEED OF DATA PRIVACY, PREVALENT CYBERCRIMES AND THEIR PREVENTIONS, REETWIKA CONTRIBUTES AS A REGULAR COLUMNIST TO THE ESTEEMED MULTINATIONAL NEWS PORTAL ‘DIFFERENT TRUTHS’ YOU MAY WRITE TO REETWIKA AT: REETWIKAB@GMAIL.COM 32 SME CHANNELS FEBRUARY 2019 PREVENT ENTERPRISE DATA REACHES THROUGH DATA LOSS PREVENTION (DLP) PROGRAM One of the most critical success factors of DLP program management is the appointment of a proficient DLP administrator who will be able to continuously measure the effectiveness of the implemented solution INTRODUCTION Data Loss Prevention (DLP) is the method of monitoring, detecting and blocking of sensitive data leakage out through organization’s various communication channels It can be done using a set of scientific tools, processes and techniques which we will discuss here However, DLP must be looked upon as a tailored security strategy rather than a readymade security appliance The most common application area of Data Loss Prevention is to comply with the requirements of various data security standards and international privacy laws like General Data Protection Regulation (GDPR), ISO 27001, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) etc Other use cases may include protection of Intellectual Properties (IP) and enhanced data visibility into the internal data movement which in turn can prevent insider threats to a large extent DLP can also be used as a tool to carry out entity behavior analysis, study user browsing pattern, silent email monitoring, etc WHERE DO DATA LEAKAGES HAPPEN Sensitive data (example: Social Security Number, Employee records, Payment Card info, Intellectual Property, Customer Data, Patient health records etc) may reside in different forms scattered across the environment, residing mainly in three states – in-use (at endpoints like desktops, laptops, printers, end user machines, screenshots etc), inmotion (network traffic through wireless hotspots, intranet, websites, telephony, mobility solutions, emails, exchange servers etc) or at-rest (archived data at databases and external data storages like USBs, pen drives, discs, magnetic tapes, unused hard drives, external hard disks, memory cards etc) Ex-filtration or transmission of company’s sensitive data can happen through any of these sources posing immense risk to IT assets and company data The leakage can be intentional or unintentional, but the risk of breach can have SECURITY a variety of ways outside the company’s network All of these get identified by the DLP tool and actioned upon by a layered remediation team The first level (L1) remediation team does the gating analysis and escalates their incidents to the higher level (L2) to investigate The respective end user whose action triggered the DLP incident is then educated by the L2 team with Remediation Plans and policy exceptions if backed up with a justified business reason The DLP lifecycle typically comprises of seven phases – end user tries to send sensitive data outside the company, DLP tool identifies and actions against the unauthorized data transfer, Remediation team triages the incident, educates end user about the action taken (allow/ block/ quarantine/ exception) and finally closes the incident If it is found to be a false positive trigger, the L1 analyst closes the incident with appropriate comments CRITICAL SUCCESS FACTORS OF DLP PROGRAM detrimental impacts on the organization and its clients DLP System Integration Once that is done, the next step is to choose and define the internal DLP policies and regular expressions (RegEx) as accurately as possible because that will determine the level of effectiveness of the overall DLP program Few additional system components might need to be integrated with the chosen DLP suite to ensure comprehensive results ciency is tested through incident management, initially with a pilot run and then spanning across slowly throughout the enterprise Actions can be taken in four ways – Detect the breach and notify the user, block the data transfer, quarantine it or encrypt the sensitive data suitably and then allow the data movement out of the enterprise A DLP incident is defined as any inadvertent loss of sensitive information A Data Loss Prevention solution comprises of policies to prevent any unauthorized transmission or disclosure of sensitive information to illegitimate users If there are any policy violations, the solution will auto generate incidents which need to be addressed by the support team immediately Whenever any suspicious activity is noticed within the internal data environment, the DLP tool flags a security incident The DLP Management security solution ensures monitoring of the security events logged by the system The reported incidents generated by the business applications, operating systems, network and security devices, wireless access points and databases are analyzed in near real time by the Compliance team and the right business owners are alerted for immediate action Respective team then gears up as per the priority of the incident This DLP incident management process is typically termed as Data Loss Prevention Remediation Incident Remediation After the DLP operating model is set up, the effi- SEVEN PHASES OF DLP LIFECYCLE An end user may send or share sensitive data in DATA LOSS PREVENTION PROGRAM MANAGEMENT DLP program management is a three stage process – Sensitive Data Discovery, DLP System Integration and Incident Remediation Sensitive Data Discovery The DLP program management starts with the identification of sensitive data and their respective locations in the entire ecosystem (Data in Motion, Data in Use and Data at Rest) which is technically termed as Data Discovery Different hi-tech tools are available in the market which can be integrated with the DLP solutions to carry out data discovery; some even come with a bundled discovery offering along with the DLP tool One of the most critical success factors of DLP program management is the appointment of a proficient DLP administrator who will be able to continuously measure the effectiveness of the implemented solution With increase in data volume and number of users, the count of false positives may go abnormally high, slowly diminishing the overall efficiency of the DLP process Lack of proper balance would indicate the time to fine tune the DLP policies Only an expert will be able to determine the appropriate time to call for reconciliation The DLP admin must be well trained in conducting incident trend analysis and policy exception handling on a regular basis Any indicative premonitions must be discussed immediately with company’s security leadership However, the success of DLP execution lies with the selection of the most appropriate DLP tool in the initial phase of the program Innumerable DLP service providers are available in the global market, each specializing in different aspects of data management with varying degrees of flexibility and licensing models The business and security leads of the organization must take an envisioned call in selecting their DLP implementation partner as per company’s needs, countries of future operation, data types and targets to achieve by implementing the DLP solution Let me highlight here, implementation of DLP is a pricey, vigorous, long term and resource consuming technical solution So, essentially choosing the right partner becomes immensely critical in the long run SME CHANNELS 33 FEBRUARY 2019 SECURITY CYBER SECURITY INCIDENT RESPONSE AND MANAGING RISK Incident response must not be treated as an isolated event and therefore incident simulations, tabletop exercises and reporting is key process to incident response planning ANUP KANTI DEB, RESILIENT SEGMENT BUSINESS LEADER – IBM RESILIENT -CYBER RESPONSE IBM SECURITIES (APJ) Incident Response is an ongoing process, a lifecycle which requires a risk mitigation strategy covering operational, legal and reputational risk A typical cybersecurity attack can result in a combination of attack across target segments within an organizational network and data that can result in critical infrastructure being exposed lacking security controls to mitigate risks A good cybersecurity framework is therefore an imperative keeping into consideration how an organization builds 34 SME CHANNELS FEBRUARY 2019 its cybersecurity strategy that encompasses an integrated and holistic approach centered around security orchestration, analytics and incident response , It is fundamental for an organization to have critical controls in place across prevention , detection and response environments that can help organizations build resiliency in providing a consistent and predictable recovery experience that can seamlessly respond to IT complexities and interdependencies across all environments Incident response plan must be designed in a way that can help organization respond quickly and efficiently in the event of a breach involving stakeholders and other lines of business (LOB) including the InfoSec and IT teams Involving stakeholders across the organization helps in facilitating accountability and transparency with an objective to mitigate and minimize risk , The incident response team should expand beyond responding to security threats but should include SECURITY AUTHOR’S BIO ANUP LEADS THE CYBER SECURITY - INCIDENT RESPONSE BUSINESS FOR IBM ACROSS ASIA PACIFIC HE COMES WITH A RICH BACKGROUND OF WORKING IN THE CYBER SECURITY INDUSTRY HAVING SPECIALIZED IN THE AREA OF CYBER SECURITY -RISK AND COMPLIANCE HE IS ALSO A SUBJECT MATTER EXPERT IN INCIDENT RESPONSE HE IS CURRENTLY EXPANDING IBM RESILIENT BUSINESS FOOTPRINT WITHIN THE REGION ANUP HAS ALSO PREVIOUSLY WORKED WITH EMERGING TECHNOLOGY STARTUPS AND LEADING IT COMPANIES INCLUDING HEWLETT PACKARD , ORANGE BUSINESS SERVICES, WIPRO AND HCL management , human resources , legal ,audit and risk management specialist ,general council and public relations A case in point for example is in the case of insider threat a response plan mandates involvement of HR to check employee background, responsibilities and credential fundamentally key to minimizing risk Similarly a response process should include a general council attorney to ensure that any evidence collected maintains its forensic value in the event that the company chooses to take legal action Target, Yahoo are case studies illustrating the importance involving team early from the legal, compliance and public relations that can address risk In essence incident response is about managing risk and incident response must be a holistic approach to managing risk which can impact operational, legal as well as Reputation of an organization Incident response must not be treated as an isolated event and therefore incident simulations, tabletop exercises and reporting is key process to incident response planning enabling teams to test response plans, identify gaps, and refine response processes that defines an incident response preparation In order to address incidents it is important to ensure that an IR plan include a) Documentation and establishing policies, procedures, and agreements for incident response management b) define communication guidelines key to incident response preparation c) incorporate threat intel feeds for enrichment and better prepare of investigations to identify indicators of compromise ( IOC ) d) conduct operational threat hunting exercises to have a an alert and prepared team security team helping response to be more proactive Another very pertinent aspect of Incident response is Communication Communication strategy must encompass both internal and external stakeholders In order to know what to communicate to whom, an organization should assess the potential impact of the cyber security incident; for example if it concerns to only internal or also external stakeholders The magnitude of the incident including evidence of data leakage may involve external stakeholders Depending on impact of the cyber breach, an organizations cyber security incident communication will have different objectives For example a Privacy data breach would involve notification and adhering to the privacy www.infosecglobal.co.in Page 13 of 50 data breach regulation of the respective country regulations In today’s context some of the external regulatory guidelines may be complex (ex GDPR) and would need a proper communication strategy in place in order to comply with regulatory obligations Global, national, and local privacy breach requirements are more complex than ever before and is continually evolving Privacy and legal teams can spend days working to meet regulatory obligations after an incident Communication therefore is the key to mitigate any risk both from a reputational and legal standpoint In a digital age communication is an important strategy to mitigate risk and an extremely critical component to the basic operations of a company and therefore incorporating a communications strategy that takes into account business, legal and regulatory requirements should be a priority Containment and Recovery of security incident is an important step for any incident response plan keeping into consideration business continuity demands and disaster recovery solution This includes prioritizing which assets to rebuild first and ensuring business continuity Recovery process should include addressing the attackers point of penetration or associated vulnerabilities to be eliminated on priority and systems restored Here it is important to ensure identified CIRT members or owners to work hand in hand with the Business continuity planning team together to ensure smooth running of business operation Post containment of a breach, the next phase of an incident response plan is to eliminate the root cause of the breach An Incident plan eradication program need to be designed to ensure malware be securely removed, systems be hardened, patched and most importantly updates being applied This is critical given that any trace of malware or security issues if remains in the affected systems the risk will continue existing and liability could increase Eradication and recovery should be done in a phased approach so that remediation steps are prioritized Post incident event analysis is a critical component of any incident response plan as it provide an opportunity for the stakeholders to reflect an incident and apply lesson learnt in order to make an incident response place proactive and efficient It also helps to improve security measures, identify early potential gaps and be more prepared in future Conclusion and the Future State of Incident Response: Given the explosion in autonomous and other devices connected to the net, access to smart phones even in emerging economies and service providers in transformation, social networks in ferment and organizations digitalization relying on DevOps, we must be prepared to have a matrix for positive possibilities but increasing threat surfaces exposed This will lead to multivector threats being executed on corporate as well as private targets and risk factors will become even more exposed Therefore the state has to make private citizens aware on cyber safety As far as enterprises and corporations are concerned they will need to deploy appropriate counter measure incident response technology that can be real time anticipate and proactively respond, subscribing to threat intel feeds and intel sharing across verticals combining the capability to bring in people , process and technology together to response from attackers This can happen possibly through Artificial Intelligence and Intelligent Orchestration AI combined with intelligent orchestration will help to drive added capability that will help in shortening the triage and proving expert knowledge at the point of Cyber decision making that can Outsmart, Outpace and Outmaneuver Cyberattacks SME CHANNELS 35 FEBRUARY 2019 SECURITY EMERGING CYBER SECURITY CHALLENGES – NEW THREAT LANDSCAPE The new generation of attacks are complex, use multiple attack vectors to maximize the chances of breaking through defenses Cyber Security Challenges have increased manifold & there is paradigm shift in Threat Landscape In spite of substantial spending on legacy security products, advanced attackers are bypassing these defenses at ease making the life of Security Professional miserable There’s no single technical answer Attackers will always exist and innovate and find a way into any organization data no matter how secured is the defense mechanism Breaches are inevitable The shift in security outlook needs to change from “keep them out” to “early detection and response before damage is done” NEW THREAT LANDSCAPE Attacks have changed in form, function, and sophistication The main difference is the new threats (advanced attacks, APTs etc.) are actively driven by humans, as opposed to previous generation attacks which were malware based attacks (viruses, Trojans, worms etc.) These advanced attacks utilise both malware designed to infect many systems as well as sophisticated, zero-day malware to infect targeted systems They use multiple attack vectors like Web, email, and application-based attacks And today’s attacks are aimed at getting valuable data assets—sensitive financial information, intellectual property, authentication credentials, insider information—and each attack is often a multi-staged effort to invade networks, spread, and ultimately hack the valuable data LIMITATIONS OF TRADITIONAL SINGLEVECTOR DEFENSES Most of the Security organizations are looking for malware based attacks instead of human attackers who may use malware as part of their advanced attacks Hence new generation of threats are able to bypass traditional security defense • Firewalls: Firewalls allow generic http Web traffic Next-generation firewalls add layers of policy rules based on users and applications & consolidate traditional protections such as IPS and AV but not add dynamic protection that can detect threat content or behavior • IPS: Works on Signatures, packet inspection, DNS analysis It will not detect anything unusual in a zero- 36 SME CHANNELS FEBRUARY 2019 day exploit, especially if the code is heavily disguised or delivered in stages • Anti-virus and Web malware filtering: Since the malware and the vulnerability it exploits are unknown (zero-day), and the website has a clean reputation, traditional AV and Web filters will let it pass The volume of vulnerabilities in browser plug-ins like Adobe and the exponential combinations of these browsers with operating systems make it hard for AV vendors to keep up • Email spam filtering: Spoofed phishing sites use dynamic domains and URLs, so blacklisting lags behind criminal activities It takes more than 26 hours to shut down the average phishing site Malicious code can also be carried in laptops, USB devices, or via cloud-based file sharing to infect a machine and spread laterally when it connects into the network It is common for mobile systems to miss updates to DAT files and patches, so they are vulnerable to both known and unknown exploits In general, even up-to-date machines can be infected using zero-day exploits and social engineering techniques, especially when the system is off the corporate network Once in place, malware may replicate itself—with subtle changes to make each instance look unique—and disguise itself to avoid scans Some will turn off AV scanners, reinstall after a cleaning, or lie dormant for days or weeks Eventually, the code will pass on login credentials, financial data, and other valuables Many compromised hosts provide a privileged base so the criminal can explore further or expand his botnet with new targets Most companies don’t analyse outbound traffic for these malicious transmissions Those organizations that monitor outbound transmissions use tools that look for “known” bad actor addresses and regulated data • Web filtering: Most outbound filtering blocks adult content or time-wasting entertainment sites Many enterprises restrict social networking sites “There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time The threat is real You are compromised; you just don’t know it.” – Gartner, Inc., 2012 “ SUDIPTA BISWAS, VICE PRESIDENT AND CHIEF INFORMATION SECURITY OFFICER, PRIME INFOSERV LLP AUTHOR’S BIO A GRADUATE ENGINEER WITH 32 YEARS INDUSTRY EXPERIENCE IN THE DOMAIN OF INFORMATION TECHNOLOGY & INFORMATION SECURITY HIS PAST ASSIGNMENTS WERE IN COMPANIES LIKE GEC & BHEL HE IS AN EXPERT IN INFORMATION SYSTEM SECURITY DOMAIN WITH DEEP EXPOSURE IN GOVERNANCE, COMPLIANCE, PROCEDURES & STRATEGIES HIS KNOWLEDGE COVERS A WIDE SPECTRUM WITH A HOLISTIC VIEW ON PEOPLE, PROCESS AND TECHNOLOGY, FOCUSING ON INFORMATION SECURITY, DATA PROTECTION , PRIVACY ,INCIDENT MANAGEMENT AND AUDITS THE FIVE STAGES OF MULTI-VECTOR ATTACKS The new generation of attacks are complex, use multiple attack vectors to maximize the chances of breaking through defenses Multi-vector attacks are typically delivered via the Web or email They leverage application or operating system vulnerabilities, exploiting the SECURITY inability of conventional network-protection mechanisms to provide a full-proof defense In addition to using multiple vectors, advanced targeted attacks also utilize multiple stages to penetrate a network and then steal valuable information This makes it far more likely for threats to go undetected The five stages of the attack life cycle are as follows: System exploitation : The attack attempts to set up the first stage, and exploits the system using casual browsing It’s often a blended attack delivered across the Web or email with the email containing malicious URLs Malware executable payloads are downloaded and long-term control established: A single exploit translates into dozens of infections on the same system With exploitation successful, more malware executables—key loggers, Trojan backdoors, password crackers, and file grabbers—are then downloaded This means that criminals have now built long-term control mechanisms into the system Malware calls back : As soon as the malware installs, hackers establish a control point within organizational defenses Once in place, the malware calls back to criminal servers for further instructions The malware can also replicate and disguise itself to avoid scans, turn off anti-virus scanners, reinstall missing components after a cleaning, or lie dormant for days or weeks By using callbacks from within the trusted network, malware communications are allowed through the firewall and will penetrate all the different layers of the network Data exfiltration : Data acquired from infected servers is transmitted via encrypted files over a commonly allowed protocol, such as FTP or HTTP, to an external compromised server controlled by the criminal Malware spreads laterally : The hacker now works to move beyond the single system and establish long-term control within the network The advanced malware looks for mapped drives on infected laptops and desktops, and can then spread laterally and deeper into network file shares it will map out the network infrastructure, determine key assets, and establish a network foothold on target servers HOW THE NEW GENERATION OF THREATS BYPASS TRADITIONAL SECURITY Cybercriminals combine Web, email, and file-based attack vectors in a staged attack, makingW it far more likely for their attacks to go undetected Today’s firewalls, IPS, AV, and Web gateways have little chance to stop attackers using zero-day, one-time-use malware, and APT tactics These blended, multi-stage attacks succeed because traditional security technologies rely on fairly static signature-based or pattern matching technology Many zero-day and targeted threats penetrate systems by hiding newly minted, polymorphic dropper malware on innocent Web pages and in downloadable files like JPEG pictures and PDF documents Or they use personalized phishing emails sent to carefully selected victims with a plausible-looking message and malicious attachment targeting a zero-day vulnerability Or they use social media sites embedding tweets that include a shortened URL masking the malicious destination Each time a victim visits the URL or opens the attachment, a malware payload installs on the victim’s computer This malware code often includes exploits for multiple unknown vulnerabilities in the OS, plug-ins, browsers, or applications to ensure it gains a foothold on the system NEXT GENERATION THREAT PROTECTION(NGTP) Today’s Corporations, Financial Institutions, Educational Institutes, Government agencies are experiencing unprecedented cyber-attack activity — both in number and severity In a never-ending game of cat and mouse, the cat currently has the upper hand And unless your organization is prepared, you may be its next victim By now it is pretty evident that how serious today’s next-generation threats are and why traditional security defenses are helpless to stop them Now it’s time to unveil a new category of network security defense ie Nextgeneration threat protection - What is really needed to combat today’s most sophisticated cyber attacks SIGNATURE-LESS DEFENSES Organizations today need to explore a new threat protection model in which their defense-in-depth architecture incorporates a signature-less layer that specifically addresses today’s new breed of cyber attacks Although traditional security defenses are critical for blocking known cyber-attacks, experience has shown that it’s the unknown cyber-attacks that are most dangerous, and on the rise And since these zero-day, polymorphic, and APTs are largely unknown and becoming the new norm for successful breaches, the world needs a signature-less solution to stop them PROTECTION — NOT JUST DETECTION In earlier days there were intrusion prevention systems (IPS) & intrusion detection systems (IDS) An IDS, by design, can only detect known threats (or unknown threats targeting known vulnerabilities) As time progressed, organizations demanded that their IDS not only detect but also block cyber attacks Thus, IPS was born In that vein, the world needs an advanced threat protection platform that not only detects the threat, but blocks it, too, across all potential entry vectors MULTI-STAGE PROTECTION ARCHITECTURE In a perfect world, IT would maintain full control of every computing device on the network Then only worry about cyber attacks originating from outside the network and attempting to penetrate it through the perimeter Of course, with mobile computing on the rise and IT being compelled to implement bring your own device (BYOD) policies, sometimes cyber attacks are hand-carried right through the office front door What the world needs is an advanced threat protection solution that not only monitors cyber attacks from the outside in, but the inside out, as well — across all stages as they attempt to communicate out or spread laterally through the network If you can’t stop threats from entering through the Web, email, or the office front door, then at least stop them from communicating out and spreading further Highly accurate detection engine www.infosecglobal.co.in Page 18 of 50 As with traditional signature-based defenses, detection accuracy is king What is required to adequately defend against next-generation threats is an advanced threat protection solution that is highly accurate, with no false positives (good files classified as bad) and no false negatives (bad files classified as good) False positives and false negatives are products of security platforms with poor detection capabilities False positives are mainly a “nuisance” as they consume valuable security analyst cycles time after false alarms False negatives, on the other hand, can be dangerous as advanced malware passes right through the network security device completely undetected Backed by global threat intelligence Every cyber-attack has a “ground zero” — a single host that is the first target on Earth to ever experience a given cyber-attack What is really needed , is a mechanism for allowing advanced threat protection systems to share intelligence, not only within a single organization, but also among different organizations globally We may not live in a perfect world But there is an ideal solution for combating today’s most sophisticated attacks Defining Next-Generation Threat Protection Next-generation threat protection (NGTP) is a new breed of network security technology specifically designed to identify and defend against today’s new breed of cyber-attacks Intended to augment — not replace — traditional security systems, NGTP represents a new layer in the defense-in-depth architecture to form a threat-protection fabric that defends against those cyber-attacks that go unnoticed by common signaturebased defenses NGTP platforms customarily ship on high-performance, purpose-built rackmount appliances Preferred NGTP vendors offer an integrated platform that inspects email traffic, Web traffic, and files at rest, and shares threat intelligence across those attack vectors NGTP platforms are unlike any network security offering on the market NGTP appliances inspect traffic and/or files looking for thousands of suspicious characteristics, including obfuscation techniques like XOR encoding and other disguising behavior Sessions are replayed in a (safe) virtual execution environment (think virtual machines, but using a custom-built virtualization engine specifically designed for security analysis) to determine whether the suspicious traffic actually contains malware SME CHANNELS 37 FEBRUARY 2019 SECURITY THE NEED FOR STANDARDIZATION IN DIGITAL SERVICES DELIVERY SUNDEEP OBEROI Dr Sundeep Oberoi has 35 years of industry, research and entrepreneurial experience in diverse areas of Information and Communication Technology He has a Ph.D in Computer Science from I.I.T Bombay, an M.Tech in Computer Science from I.I.T Delhi and a B.Tech in Chemical Engineering from I.I.T Kanpur Currently, Dr Oberoi is Global Head for Delivery of the Enterprise Security and Risk Management Unit in TCS ANUPAM AGRAWAL Anupam is a Cheveninig Fellow on Cyber security Additionally, he has Finance Degree from ICAI & ICWAI, India; IT Security Degree from ISACA, USA & Internet Governance Certification from University of Aarhus, Germany & Next Generation Leaders Program of Internet Society in association with DIPLO Foundation He is the Co founder of India Internet Foundation also 38 SME CHANNELS FEBRUARY 2019 Finally, when a human service agent is connected to the user, there may be a call drop and there is no method to reconnect the call and resume the conversation where is was interrupted Today a significant of portion of services are being delivered digitally to consumers The consumer interaction channels may be via a web application, a mobile app, a mobile POS terminal or an IVR interface or a combination of these, in addition to delivery mechanisms for physical goods Each service provider uses a different combination of interaction channels with widely differing user interfaces and experiences These are implemented with various degrees of usability, reliability, security and privacy Poor implementation results in very high levels of time wasted and possible risk of security breaches leading to financial loss and privacy impact Since many of these services are essential services such as banking and citizen services delivered by Government departments, there will be significant benefit in standardizing certain important aspects of this service delivery This note identifies the following important areas for digital service delivery standardization The issue of payment systems has been left out of this note since the authors believe that electronic systems are incorporated into digital service delivery in a reasonably modular way and there is a whole regulatory and standardization regime that adequately covers this aspect • Registration and Identity Proofing Many digital services require registration and of those several require an Identity Proofing process that may involve uploading of electronic copies of documents, submission of hard copies of documents, authentication based upon data already available with the service provider of (like mobile number, personal details like birth date, mother’s maiden name, postal code etc.) or the use of Aadhaar identity authentication • Recovery of Authentication Credentials Currently the most prevalent method of recovery of authentication credentials is via a “forgot password” functionality which may authenticate the user over and IVR channel or via an SMS based OTP to a registered mobile number If authentication is successful a temporary password (or a link that permits an initial login and the creation of a new password) is sent to the registered email-id In a small number of instances a new credential like a temporary password or new PIN is delivered via post or a courier company • SLA on Synchronous Channels In many instances the interface for interaction is via an IVR channel There are deep menus and indeterminate wait times There may not be a distinction between and emergency type interaction and a routine type interaction Finally, when a human service agent is connected to the user, there may be a call drop and there is no method to reconnect the call and resume the conversation where is was interrupted • Issue Redressal Systems Some providers provide a method to log issues either via a web interface, email, a phone interface or by physical post A few providers may assign an issue/problem/request number and that may allow for limited follow up and tracking SECURITY WAYS TO PROTECT YOURSELF FROM CYBER CRIMINALS WHEN SHOPPING ONLINE With companies fighting for your attention, scammers have plenty of camouflage for their phishing emails and fake sites O nline shopping deals are everywhere There are deals in windows and on TV; deals on the web; deals on Instagram, Twitter and Facebook, deals via SMS, WhatsApp and Messenger; and deals in email, as online retailers attempt to lure shoppers to buy from them instead of the competition With companies fighting for your attention, scammers have plenty of camouflage for their phishing emails and fake sites They can dress them any which way, whether it’s fake offers that really are too good to be true, or any number of excuses for drumming up a bit of false urgency and demanding a login (Check your order! Verify your account! Register now!) Scammers will whatever it takes and won’t stop trying to dupe you or take their foot off the gas until you give in and fall for the scam So, while it’s tempting to tell you to things differently while shopping online this republic day, there’s no reason you should Even if you’re planning to join me and log off for the next couple of days, the scammers will still be there when you come back Cybersecurity is 24/7, every single day of the year, because so is cybercrime Want to protect yourself? Then follow these simple tips, every day: • Use a web filter: Web filters, like the one included in Sophos Home, stop you from browsing to websites that are known to be used for scams, phishing or spreading malware • Use a password manager: Password managers create, remember and enter passwords for you, and they won’t enter your password into a phishing site, no matter how convincing it looks • If it looks too good to be true, it is: Scams make wild claims and use familiar brands or friends and family to make them seem trustworthy Stay alert, and if something seems off, it probably is • Check your bank statements regularly: You can reduce the chance that you’ll become the victim of a scam but you can’t eliminate it, so make a habit of checking your bank statements regularly 39 SME CHANNELS FEBRUARY 2019 MOHIT PURI DIRECTOR SALES ENGINEERING, INDIA & SAARC, SOPHOS “SCAMMERS WILL DO WHATEVER IT TAKES AND WON’T STOP TRYING TO DUPE YOU OR TAKE THEIR FOOT OFF THE GAS UNTIL YOU GIVE IN AND FALL FOR THE SCAM.” SECURITY THREAT HUNTING - NEED OF THE HOUR! To understand about compromised system, there is a wonderful saying by Mr John Strands, i.e., “Beaconing + Blacklisting=OMG! We are in trouble” ADITYA KULLAR, CO-FOUNDER OF CALIFORNIA-BASED CYBERSECURITY COMPANY TANIUM AUTHOR’S BIO WITH NEARLY NINE YEARS OF EXPERIENCE IN NETWORK AND INFORMATION SECURITY, ADITYA KHULLAR HOLDS A UNIQUE BLEND OF VISIONARY LEADERSHIP WITH EXPERTISE TO LEAD STRATEGIC PLANNING, DIRECT MULTI-FUNCTIONAL OPERATIONS, AND RE-STRUCTURING BUSINESS MODELS PRIOR TO HIS STINT AT PAYTM, KHULLAR WORKED FOR VARIOUS GLOBAL FIRMS AND PROJECTS SUCH AS ARICENT TECHNOLOGIES, HCL INFOSYSTEMS, BANK OF AMERICA AND INTERGLOBE ENTERPRISES IN HIS PRESENT ROLE, KHULLAR LEADS THE TECHNICAL ASPECTS FOR CYBER SECURITY VERTICALS IN PAYTM AND ITS SUBSIDIARIES 40 SME CHANNELS FEBRUARY 2019 Threat Intelligence - It is the one word we all have heard various times recently The subject has been under constant scrutiny for a while now, but we understand it? Moreover, since it has been viewed very differently from different viewpoints of various security professionals, To start with let’s get to the crux of it The ultimate goal is to provide a binary answer to the question, “Do I have a compromised system in my Infrastructure?” This system can be a server or an EUD (A End user device) To understand about compromised system, there is a wonderful saying by Mr John Strands, i.e., “Beaconing + Blacklisting=OMG! We are in trouble” This means that any system that makes a continuous connection to a blacklisted IP is a compromised system In simple words, threat hunting is the black box that takes input and gives output What are all the things it encompasses? Well, we need some way to collect info and figure out whether we are already compromised or not We also need to understand that those outputs may be a formalized incident handling process put in place, or a team that does forensic investigation of subject, or it might be just a simple policy which says, “Hey, when a system gets compromised throw it away and put a new system on the wire.” Even though that may sound silly but that is a possible answer for most of the organizations The process of threat hunting spans throughout various technology teams For Example: ‘I just found a system which is beaconing to unknown/ blacklisted IP?’ Now to reach that point, we need a lot of work before and after identifying the system We require complete scanning of the system, leading to putting in incident response plans in place and after that we turn to forensics mode to get to deeper end of the cause To resolve this chaos, it is beneficial to implement Pro-active Threat Intel rather than reactive mode monitoring All in all, Global threats can be listed in types: l Remote Exploits (Public/Private) Local Exploits/ Insider Threats Browser Based attacks (Malicious advertising campaigns) l Document based attacks (Malicious attachments like excel files, PPT , Word docs delivered through Phishing campaigns) l DOS/DDOS (Volumetric/Computational and Asymmetric attack vectors) Then the next Question that arises is, “We have a lot of tools which gives a lot of feeds, so what is different in threat hunting which makes it difficult to implement?” In a typical security tool, the process is to collect a lot(I mean tons) of data because it is satisfying to see whole network on a single dashboard, ‘it will give data to the management team’ and then ‘the team will educate itself and find threats out of it’ And this last part is the distinguishing element of the threat hunting process, in comparison to other mainstream tools So going further, what are the basic frameworks that could to be used as the helping hand for the threat hunting process? One of the most common framework that is taken into consideration when talking about the tool is- MITRE ATTACK framework It is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target Secondly, while rating a vulnerability always a manual assessment basis NIST/NVD calculations with an automated scan using tools like Qualysguard, Nessus etc In the end We should understand that - The process of threat hunting may seem to be a great alternative to proactively monitor assets but a threat hunting program cannot be Implemented by every organization To build a Threat hunting team, one needs threat intelligence mindset, excellent technology engineers and pro-active tools which can give threat feed of an exploit/attack vector being seen in world space l l REVIEW PRODUCT EPSON ECOTANK M1100 NETGEAR M4300-96X MODULAR SWITCH Epson EcoTank M1100 is targeted at the office printing market and comes equipped with a host of features that are likely to tempt mono laser printer users to shift to Epson’s EcoTank printers It is specifically designed to lower business printing costs when compared to mono laser printers THE NETGEAR M4300-96X IS THE WORLD’S ONLY 2U RACK height modular switch that comes either empty or pre-populated and scales up to 96 ports of 10G Ethernet or up to 24 ports of 40G Ethernet, or a combination With 12 open slots and two redundant power supplies, the M4300-96X supports maximum granularity between copper, PoE+ and fiber and unrivalled headroom for organizations buying infrastructure for the long term To truly converge, IT and AV networks, pre-configured 10 Gbps infrastructure is ready with NETGEAR SDVoE-ready M4300 switches Instant installation with pre-enabled IGMP/multicast, scalability and affordability gets your ProAV deployment running in no time, with optimal 4K no-compromise quality To take unnecessary complexity out of AV-over-IP deployments, NETGEAR created M4300 switches that are preconfigured for easy, true AV and multicast Zero Touch network configuration SWITCH: • Streamlines AV-over-IP SDVoE solutions, replacing 48ì48 circuit switchers 1.92Tbps Non-blocking fabric for 96x10G or 24x40G or a combination • 12 empty slots in 2RU for 8x10G or 2x40G port expansion cards • Two empty slots for redundant power supply units (PSU) • PoE over 10G is supported in first slots (48x10G PoE+ 30W each) • Use the M4300-96X online configurator to design your modular switch • Zero Touch AV-over-IP with pre-configured L2 Multicast (SDVoE-ready) • Advanced Layer 2, Layer and Layer feature set – no license required management, USB storage • Easy-to-use Web browser-based management GUI series printers make printing 23 times lower as compared to mono laser printers, which cost Rs 2.74 per print with original toners Over the life of the printer this translates into very significant savings for any organization Epson says its monochrome EcoTank printers are also designed with an eye on the environment and keeping the UN Sustainable development Goals (SDG’s) in mind The refill ink bottles provide an ultra-high page yield of up to 6,000 pages per bottle as against laser printers that provide an original toner yield of just 2,000 pages per toner This can help businesses eliminate the frequent changes of toners and thereby help them significantly reduce their carbon footprint PRICE On request WARRANTY On Request KEY FEATURES OF THE M430096X MODULAR MANAGED With an ultra-low printing cost of 12 paise per print, the new Epson EcoTank M CONTACT Price: INR 12,099 Warranty: On Request Contact: www eid.epson.co.in https://www.netgear.com/ SME CHANNELS 41 FEBRUARY 2019 PRODUCT NEW ARRIVALS HIKVISION HIKVISION SMART POLES FOR SMART INFRASTRUCTURE MATRIX MATRIX PRASAR UCS MATRIX PRASAR UCS, an Enterprise Unified Communication Server connects internal and external decision makers at multiple locations for effective communication and real-time collaboration It enables enterprises to enhance business processes by unifying communication mediums to simplify the daily workflow and increase their response time Being a pure IP solution, PRASAR UCS is a single box solution, scalable up to 2,100 users, as per future communication needs of the organization Bring people together anytime, anywhere, and on any device with our integrated collaboration infrastructure for voice and video calling, messaging, and mobility HIKVISION SMART POLES for Smart Infrastructure solution uses cutting-edge Hikvision technology to secure people while keeping them connected while they are on the move for work or travel Hikvision Smart Poles better safety and security solution to keep public areas secured in day as well during night Integrated with PTZ Camera to capture Live View and Zoom Areas the poll comes with emergency Call Box with HD camera, to raise Panic Alarm / Emergency Alarm It helps to realize alarm and aid as soon as possible and provides more efficient service for building social stability It also supports TWOWAY audio for communicating with Command Control Plus, it also supports scheduled turning on/off the alarm lamp in case of emergency It is mainly applied to the scenarios of school, square, tourist attraction, hospital, supermarket gate, market, station, parking lot, etc Price: On Request, Warranty: On Request, Contact: : https://www.hikvision.com/en DIGISOL DIGISOL DG-VG2300N VDSL ROUTER DIGISOL DG-VG2300N complies with IEEE 802.11n to provide a faster and secure data transfer With 300 Mbps Wireless speed over the 2.4GHz band, the DG-VG2300N provides seamless HD video streaming, online gaming and other network tasks DG-VG2300N VDSL Router Comes with the Latest ITU-T G.993.2 VDSL2 standard, provides up to 100 Mbps Speed downstream and upstream, and backward compatibility with ADSL The device covers you in terms of network security, offering the highest levels of wireless security to ensure your safety and privacy In addition to guest network access and parental controls that you can tailor to each device, you have VPN support for secure access to your home and office network Its Easy Setup Assistant enables one to get quick & hassle-free installation 42 SME CHANNELS FEBRUARY 2019 Key Features: • High Internet Access throughput Downstream upto 24Mbps and Upstream up to 1Mbps (ADSL) • High Internet Access throughput Downstream upto 100Mbps (VDSL) • Wireless speed up to 300Mbps • Robust WLAN Security • Dedicated WPS and WLAN push button • Dynamic DNS and VPN Pass through support n Pricing: Rs.1999/- , Warranty: On Request, Contact: : www.digisol.com RNI NO: DEL ENG/ 2010/ 31962 Postal Reg No.: DL-SW-1/4145/16-18 Licensed to Post without pre-payment U(SW)/19/2017-18 Date of Publication: 13 of Every Month Date of Posting: 15 & 16 of Every Month THE BEST JUST GOT BETTER NOW WITH EDR DETECT, INVESTIGATE, AND RESPOND TO SUSPICIOUS ACTIVITY BETTER THAN EVER BEFORE Ì Add expertise, not headcount with built-in machine learning and threat intelligence from SophosLabs Ì Understand the scope and impact of security incidents Ì Detect attacks that may have gone unnoticed Ì Search for indicators of compromise across the network and prioritize events for further investigation Ì Guided incident response: Understand your security posture and respond with the click of a button Learn more at : sophos.com/interceptx ... Subscription: Rs.200 (12 issues) SME CHANNELS All payments favouring: Accent Info FEBRUARY 2019 Media Pvt Ltd SNIPPETS PRODUCT | CHANNEL | CONSULTING | SERVICES for more log on to smechannels.com India Most... SECURITY SPENDING IN 2019 SME CHANNELS 29 FEBRUARY 2019 COVER STORY “SOME ATTACKS WHICH TARGET THE IOT ARE LIKELY TO BE COMPLEX AND DIFFICULT TO DEFEND AGAINST” AVINASH GARG , DIRECTOR, CHANNELS & ALLIANCES,... into their security architecture SME CHANNELS FEBRUARY 2019 Intent-based Segmentation allows organizations to achieve granular access control, continuous trust assessment, end-to-end visibility and