Emerging Threat Landscape
Emerging Threat Landscape
Emerging Threat Landscape
Motivation VS Sophistication
Widening Attack Surface
Attack rates can differ great between industriesHow does yours compares? Source: 2013 IBM Source: Cyber Security Intelligence Index
According to a recent report by the DHS of USA and IBM, Security Incidents in the
FIRST HALF OF 2013 HAD ALREADY SURPASSED 2012!
And closer to home..Cyber attacks rob $45m from Gulf Banks
Cyber attacks on Gulf Infrastructure seen rising
UAE Central Bank thwarts hacking bid
Qatari Gas company hit with Virus in wave of attacks on Energy Companies
Hack on Saudi Aramco hit 30,000 workstations, oil firm admits
Dubai Police social media accounts hacked
Multi-Source fragmentation attack on Qatar
Attackers Leverage new IE zero-day in ‘Clandestine Fox’ op
UAE online stores increase security after Heartbleed bug
•Growth oriented Vision•Burgeoning Economy•High Disposable Incomes•Adoption of disparate technologies•Business Hub & Centre of World Events
•Unique Geo-Politics & Socio-Economics•Paucity of Skilled Resources•Inadequate Cyber Laws•Evolving Compliance Frameworks
HeadwindsTailwinds
Implications•Hotbed for Security activity•Technology investments have become white elephants•Attacks targeting HNIs•Influx of people with criminal intent•Fraudsters getting off the hook
UAE’s Unique Mix
Industry Speak2013 – Top 3 ThreatsMalwareInformation / Data LeakageTargeted Attacks
2014 – Top Security InitiativesReview PostureIncident Response CapabilitiesSpecialist Service Provider
2014 – Top Threats Prevalent
State SponsoredAPTInternal Leaks
Effect of Disruptive Technologies
Increases Risk exposureBlurring of boundariesDate Deluge
Skills AvailabilityPaucity of right skillsHigh AttritionContinuous up gradation challenging
• Readiness for MSSP services• Has to coexist• Specialized expertise• Ease of compliance
Security Strategies
7
Staffing – Lack of IT Security resources
Maintaining SecurityIncreased
Sophistication of Attacks
Lack of Budget / ROI justification
Integration of multiple systems
from multiple vendors
Concerns related to IT vendors /
suppliers and partners
Risk Transfer to Service Provider
• Delivers flexible managed security services that align with client goals
• Reduce the information security and compliance burden
• Enhances organizations’ existing security program, infrastructure and personnel
Simplify • Management &
Compliance Complexity
Manage• Paucity and retraining
skills• Ever changing threat &
technology landscape
• The service provider offers a Full OpEX model giving better ROI
• Re-use of customer CapEX, no new CapEX
Control• CapEX on technology
acquisition• OpEX on Operate
Monitor• Continuous Monitoring• Predictable service levels
• The service provider maintains a competent team abreast with latest products and technical knowhow which can become an extension of internal teams
• Enables organization to better utilize and focus internal teams
• Full maintenance, updates, rule changes, and tuning
• 24/7 monitoring by security experts
Etisalat – MSSP class Services
• Clean Pipes• DDoS
Mitigation• Cloud UTM• Cloud Web &
Email Security
• Threat Intelligence Services
• Brand Protection & Anti-Fraud Services
• Virtual SOC Services• Managed Endpoint &
Mobile Security• Vulnerability
Management
• Security Testing & Assessments• Security & Governance Program
Development• Compliance & Certification
Services• Residency Services• Security Awareness Training
Solutions• Security Operations Center
Services
• Security Device Management
• Managed PKI