» SECURING THE FUTURE

Cybersecurity vendors have evolved next generation security technologies to take on the rapidly transforming threat landscape

With the need for cybersecurity to be now an integral part of digital transformation initiatives, cybersecurity investments are a priority for IT decision makers. The advent of Zero Trust and SASE along with several others have redefined the traditional approach to security, especially to be relevant in a multi cloud era. Every year at GISEC, the advances on the cybersecurity front gets showcased by leading vendors and at this edition too, expect nothing less. A visit to the expo seems mandatory for CISOs and CIOs as well as other senior IT decision executives to get a good overview of what they could possibly factor into in their focus ahead for securing their organizations better.

Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East says, “GISEC is one of the most anticipated events in the region which provides an enormous platform to showcase our transformation and signal our new thinking and energy and capitalize on new business development. We will emphasize on our new strategic directions towards the best and brightest thinking around our solution highlights through our new mantra ‘You Deserve the best Security’ and showcase our Infinity portfolio of solutions which includes our three main pillars, Check Point CloudGuard, Check Point Harmony and Check Point Quantum.”

The vendor will introduce Demo Point to its channel partners and end customers where they get to explore our Quantum (Network), CloudGuard (Cloud) & Harmony (User and Access) security products. Check Point’s cloud security architects will be engaging with customers onsite and showcase how to address cloud

security at scale and speed. Check Point will also be discussing and showcasing its hyperscale architecture – Maestro solution and engaging with prospects how it can be relevant to their environment and address some of their use cases.

For Qualys, the focus would be on their latest innovations 30-day trials will be offered to interested delegates. Technical experts at Maher Jadallah

Senior Director MENA, Tenable

their booth will address queries around their solutions including Qualys CyberSecurity Asset Management (CSAM), Qualys Vulnerability Management Detection and Response (VMDR) and Qualys Context XDR. Qualys CyberSecurity Asset Management (CSAM) is an asset management solution that enables security teams to reduce the ‘threat debt’ by continuously inventorying assets, applying business criticality and risk context, detecting security gaps like unauthorized or EOL software and responding with appropriate actions to mitigate risk. Qualys Vulnerability Management Detection and Response (VMDR) is a single-console platform for the discovery, assessment, prioritization, and patching of critical vulnerabilities in real time, across global hybrid-IT landscapes. This year, Qualys will be highlighting VMDR’s recently added Advanced Remediation capability. Qualys Context XDR is a context-aware XDR solution that combines rich asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, along with high-quality threat.

Lookout will use GISEC as a platform to showcase the Lookout Security Service Edge (SSE) solution. Lookout SSE consolidates CASB, ZTNA, and SWG with Endpoint Security into a unified platform that reduces cost and complexity while simplifying management of security and access across all endpoints, clouds and on-premises infrastructures

Hadi Jaafarawi

Managing Director – Middle East, Qualys Bahaa Hudairi

Regional Sales Director META, Lookout

Bahaa Hudairi, Regional Sales Director META, Lookout says, “Lookout Security Service Edge (SSE) solution enables organizations to secure their data while supporting a modern, anywhere anytime workforce with consistent cloud-delivered security policies regardless of where data is stored. In addition to integrating Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) into a single platform, Lookout SSE integrates policy and data security enforcements deeply across web, SaaS and private applications. These include User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP) and Enterprise Digital Rights Management (EDRM). As a result, the Lookout SSE solution delivers an easy-to-use unified user interface across SWG, CASB and ZTNA that simplifies policy and reporting workflows. By analyzing telemetry data from users, endpoints and the data they’re accessing, Lookout dynamically enforces policies with varying degrees of granularity.”

Tenable’s focus at GISEC would be to highlight the need for customers to understand the risks their networks face with accelerated cloud adoption and their solutions that can help them fix those vulnerabilities.

Maher Jadallah, Senior Director Middle East & North Africa, Tenable says, “ Cloud adoption has exploded, particularly to accommodate a hybrid workforce. However, discovering and prioritising vulnerabilities in a cloud environment is only half the battle. Organisations need to shift left with cloud security to find and remediate vulnerabilities before they reach production.”

He adds, “When we look at how attacks play out, in the vast majority of cases, bad actors typically go after the low hanging fruit in networks — known but unpatched vulnerabilities. Having exploited a vulnerability to gain a toe-hold into the organisation, attackers will pivot focus to Active Directory and the identity infrastructure to escalate privileges and move laterally, with an aim to target further vulnerabilities, install malware and exfiltrate data. At GISEC, our focus will be helping organisations understand these security risks to their business.”

The trends of hybrid work models coupled with accelerated transformation towards multi cloud adoption, edge computing, IoT deployments etc has amplified the threat landscape.

Hadi Jaafarawi, Managing Director – Middle East, Qualys says, “The Digital Transformation and the Digital Age we are living in, make Enterprise IT environments boundless and more and more complex. We are basically facing a change of paradigm from a Corporate-centric to Cloud/Internet-centric landscape/infrastructure/network. What is needed to secure any IT infrastructure is, first and foremost, the visibility on all IT assets. This is the cornerstone of any cybersecurity program, because “you cannot se-

cure what you can’t see or you don’t know”. Furthermore, the visibility cannot just be from time to time, it has to be all the time and in real time.”

He adds, “The Qualys Cloud Platform, combined with its powerful lightweight Cloud Agents, Virtual Scanners, and Network Analysis (passive scanning) capabilities bring together all four key elements of an effective vulnerability management program into a single app unified by powerful out-of-the-box orchestration workflows.Qualys VMDR enables organizations to automatically discover every asset in their environment, including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets. VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities.”

The shortcomings of VPN have to be addressed in order to not to allow even legitimate users all unrestricted access which is where zero trust comes in.

Bahaa says, “Cloud-based infrastructure has enabled employees to be productive from anywhere on any device. This has driven the need for seamless access to corporate data to get their work done. As a consequence, many organizations have turned to virtual private networks (VPNs) to support remote workers, but this approach falls short in a number of ways. First, VPNs give whomever is connected unrestricted access without the contextual awareness of who or what wants access. Second, they don’t understand whether the device connecting into the network is free of malware or if the user is who they say they are. Third, a VPN can also give access to other devices connected to the user’s network that are frequently not under your control.”

Lookout Zero Trust Network Access (ZTNA) continuously monitors the identity of those requesting access to an organizations’ apps and understands what they need for work. These insights enable a Zero Trust approach, providing dynamic identity and context-aware access to data depending on the risk level of the user and device.

The move to a multi-cloud strategy has been largely driven by choices; using more than one cloud service provider allows an organization to choose whichever services and capabilities fit their needs best. According to Check Point Software’s 2022 Cloud Security Report revealed that cloud security incidents were up 10% from the previous year with 27% of organizations now citing misconfiguration, way ahead of issues like exposed data or account compromise.

According to Ram, “Organizations are continuing to adopt cloud, with 35% running more than 50% of their workloads on Azure, AWS and GCP, they struggle to manage the complexity of securRam Narayanan

Country Manager, Check Point Software Technologies, Middle East

ing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage. The right security framework will maximise full value and ensure security across these environments

He elaborates further on the evolving landscape. “The cybersecurity landscape presents a sophisticated perspective all together. While we understand that there are a set of partners who work and stick on to a particular industry vertical, today’s generation of threats is not limited only to a certain vertical. The Gen V of cyber attacks has expanded every organization’s perimeter. According to Check Point Software’s latest threat intelligence report, an organization in the UAE is being attacked on average 720 times per week in the last 6 months, with healthcare, finance/banking and retail/wholesale being the topmost impacted industries respectively. Most organization’s attack surface has become wider, now more than ever. Modern organizations are investing to recalibrate their cyber security approach around three main elements: Securing their corporate networks and data centers, securing cloud environments and lastly, securing employees wherever they are. “

Indeed, the attack surface is widening further with the proliferation of connected devices as well as the distributed workforce working out of anywhere. It will take the redefined approaches and solutions from cybersecurity vendors to address the sophisticated attacks that prowl around all threat vectors, looking for a way in.