IDC IT Security Roadshow: Reaching The New Frontiers in Data Protection

 IDC2 Cover

2nd article: Facing to invasion of more and more sophisticated data security threats business leaders push IT to deploy new technologies and services.

Continuing presentation of the IDC IT Security Roadshow organised in April 14th in Bucharest, will try to review the most important security issues discussed during keynote presentations and panel sessions.

Expose the Unknown – most important driver of data prevention for Check Point

One of the hottest subjects in the industry now is zero-day attacks prevention. According to Check Point a “zero-day” exploit is any vulnerability that’s exploited immediately after its discovery. We speak here about rapid attacks that take place before the security community or the vendor knows about the vulnerability, or has been able to repair it. Such kind of exploits are a Holy Grail for hackers because they take advantage of the vendor’s lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc. Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol. Once discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites. From practice, detailed information about zero-day exploits are available only after the exploit is identified.

IDC2 Check Point

Source: IDC

“Increasing your enterprise security often means increasing your complexity and management challenges in kind. Check Point delivers a multi-layered line of defence to help you maximize your security while minimizing challenges and closing gaps”, said Cezar Varlan – Security Engineer, Check Point Software Technologies

Trying to cover multiple-layers potential vulnerabilities, many organizations are investing in a disparate mix of new security technologies from a variety of vendors. All these tools provide punctual advantage but each must be managed individually, including reporting, provisioning, configuration and testing tasks.

Check Point offers a comprehensive solution, with a full range of interoperable threat prevention blades, common policy management and monitoring, and maximum protection from emerging threats. Attackers have become more creative, reaching corporate resources with modern and complex malware attacks. Check Point SandBlast Zero-Day Protection combines innovative technologies to proactively protect against even the most dangerous targeted attacks and unknown malware, while ensuring quick delivery of safe content.

Staying ahead of the threat with Fortinet

IDC2 Fortinet

Source: IDC

Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their maliciousness. As these attacks become more advanced, organizations must similarly improve their security posture. Why do these breaches continue? “Extreme focus on compliance, reacting only to known threats, and existing of to many point solution are between main reasons”, said Adrian Danciu – Regional Director, South Eastern Europe, Fortinet. “More that, the lack of a defined perimeter offers a borderless attack surface.”

Fortinet solutions are based on a deep segmentation for protection against outside and inside threats, proactive Mitigation, Advanced Threat Visibility, and Flexible Deployment Fortinet Advanced Threat Protection relies on multiple types of security technologies, products, and research applied from the network edge through to endpoint devices. To deliver the most effective protection, they are integrated to work together automatically, continuously handing off data from one to the next to identify, evaluate and respond to attacks.

Fortinet Advanced Threat Protection Framework delivers end-to end protection across the attack chain, based on three elements which work hand-in-hand:

  • Prevent – Act on known threats and information
  • Detect – Identify previously unknown threats
  • Mitigate – Respond to potential incidents

Fortinet was recognised as major player in fastest growing market segment – network security and WLAN market (IDC, 2015), largest network security appliance vendor (units) and quickly growing (IDC – Worldwide Security Products), and second largest provider for Data Center Firewall (Infonetics research).

Applying probabilistic mathematics and machine learning to cyber threat discovery

Very interesting point of view opened by Darktrace and Safetech, based on major role machine learning could have in probabilistic identification of cyber threats.

Image result for machine learning darktrace

Source: Darktrace

Machine learning can be thought of as the third and most recent machine revolution. The first was the replacement of muscle by machine in the industrial revolution. The second involved computers taking over repetitive tasks that had originally been done by people. Machine learning represents computers being able to undertake complex thoughtful tasks.

Darktrace’s technology is powered by advanced machine learning, allowing it to learn what is normal for a company’s network environment, so that it can then determine if any behaviour is abnormal. This allows it to detect cyber-attacks of a nature that may not have been observed before, the unknown unknowns. The ability to self-learn and adapt to a changing environment in real-time allows organizations to reconcile the need for an interconnected workforce, customer base and supply chain, whilst ensuring that they protect against serious, existential threats to their businesses in the most effective and pragmatic way possible.

Legacy approaches to cyber security embody the second revolution: people describe what an attack looks for, and then ask the computer to look for a match to that description. Darktrace turns this paradigm on its head, embodying the third machine revolution: the computer analyses the data and finds areas that merit human interrogation. It is this capability that allows Darktrace to abandon the legacy approach of rules and signatures, and analyse even fast-moving, sophisticated and unknown threats in real time.

“Our vision is to apply human intelligence to cyber defence through revolutionary technology. Deep expertise in cyber defence operations and ground-breaking, self-learning technology allows organizations to keep up with the speed and sophistication of today’s attackers, “said Mateusz Flak – Cyber Security Regional Manager, Darktrace. “The age of surrounding your information with higher and higher walls is over. Legacy approaches permanently leave you a step behind. Darktrace moves at the same speed as the threat, automatically learning from an organization’s ongoing activity in real time to detect threat behaviours as they emerge.”

New approach for modern threat prevention coming from Palo Alto Networks

IDC2 Palo Alto 2

Source: IDC

Most important is everybody should understand the prevention is no negotiable. The Palo Alto Networks’ strategy for modern threat prevention is based on five simple processes every organization should implement, each of them having a well-established actions:

  • Everything must go in the funnel
  • Reduce the attack surface
  • Block known threats
  • Test and adapt to unknowns
  • Investigate and respond
  • Investigate indicators

One of most frequent cyberattacks are ransomware messages. Attackers have traditionally profited by stealing identities or credit card numbers, and then selling them on underground markets. According to the Verizon Data Breach Investigations Report, the

price for stolen records has fallen, so cyber attackers are on the hunt for new ways to make a profit. Due to technology advances in attack distribution, anonymous payments, and the ability to reliably encrypt and decrypt data, ransomware effect is decreasing.

According Palo Alto Networks, the three key steps to protect against ransomware are based on:

  • Preparation – Having a solid backup and recovery strategy in place is the key to recovery if the worst were to happen.
  • Prevention – Segment your network, control access, stop known malware, and quickly detect and prevent unknown malware as it arises.
  • Response – Understand the latest ransomware families and campaigns. Have a plan in place for engaging law enforcement agencies.

To better deserve the threat and attacks research Palo Alto Networks opened Unit42, with clear mission to analyse the data available to Palo Alto Networks to identify adversaries, their motivations and resources to better understand the threats our customers face.

Other valuable principle developed by Palo Alto is based on comprehensive concept of Threat Intelligence. What is Threat Intelligence? “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard, “ explained Peter Lechman – Regional Sales Manager – Eastern Europe, Palo Alto Networks, during his keynote in IDC Roadshow from Bucharest.

A new approach to security from Symantec

Knowing how cyber-criminals are threatening security is the first step to securing information—and any company’s goals. From data breaches to digital extortion, the 2016 Symantec Internet Security Threat Report leverages an unparalleled amount of data and is the resource you need to quickly uncover digital threats.

Here are the main key finding pf the last edition of ISTR, presented by Christos Trizoglou – Regional Manager of MiTech Systems, Symantec in his keynote from Bucharest:

  • A large business attacked once in 2015 was likely to be attacked 3 more times

    IDC Sala 3

    Source: IDC

  • 50% of all targeted attacks were against small businesses
  • 55% increase in the number of spear-phishing campaigns attacks in 2015
  • 3out of 4legitimate websites found to have unpatched vulnerabilities
  • 125% increase in the number of zero-day vulnerabilities discovered
  • 100 Million Technical Support scams blocked
  • 35% increase in crypto-ransomware as it spread beyond end-users to holding businesses hostage
  • A record 9 mega breaches occurred in 2015
  • 430 Million new pieces of unique malware discovered

Symantec is ready to deliver a unified security intelligence platform that leverages the combined visibility and intelligence of all of his offerings (augmented by 3rd-party data) to block, detect, and remediate attacks, protect information, and reduce risk. Best Practices provided by Symantec are based on following advices:

  • Don’t get caught unprepared – Use advanced threat intelligence solutions to find indicators of compromise and respond faster to incidents;
  • Employ a strong security posture – Implement multi-layered endpoint security, network security, encryption, strong authentication &reputation-based technologies. Partner with a managed security service provider to extend your IT team;
  • Prepare for the worst – Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises;
  • Provide ongoing education and training – Establish guidelines & company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.

 Internet Identifiers – Your Most Undervalued and Under Risk Assets?

IDC2 Internet Security ICANN

Source: ICANN

Very interesting subject proposed by ICANN which considers Internet Identifiers for both vulnerability place and security asset. ICANN (Internet Corporation for Assigned Names and Numbers) is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. ICANN mission is to preserve the security, stability and resiliency of the Domain Name System and domain name registration services, to promote user confidence and trust in these systems.

Obviously identifiers are common targets for loss, misuse or abuse. Domain Name are subject of various attacks, having as consequence loss of Web services, public defacement, eMail or eCommerce functions disruptions. IP addresses damages conduct to network disruption and data exfiltration. Autonomous System Numbers breaks can generate disruption of global communications systems and largescale loss of commercial hosting.


Source: IDC

From Risk Mitigation perspective Internet Identifiers could be considered as assets. The best practice is based on quick adoption of standard risk management practices: regular evaluation of organization’s identifier assets, correct appreciation of the threat landscape and the vulnerabilities status, managing risks by priorities, and correctly positioning of mitigation techniques against protection costs. Periodic analysis is a strong defense.

Resource and relationship management could play critical roles in Risk Mitigation. “Organizations should know their allies, keeping points of contact for mitigation providers, upstream ISPs, hosting providers, registries, registrars, vendors and security service technical support,” said Andrea Beccalli – Stakeholder Engagement Manager – Europe, at ICANN

A new data protection regulation is born… during IDC conference in Bucharest

A happy coincidence was the final approval of the new EU General Data Protection Regulation has successfully passed through the European Parliament in the same day with IDC conference from Bucharest. Essential regulation and the critical importance for European Commission efforts toward a future Digital Single Market were presented by Bogdan Manolea – Legal Advisor,

European Union (EU) member states will now had two years to pass the new regulations – which were proposed by former EU justice commissioner Viviane Reding four years ago – into law. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

IDC Security 1

Source: cloud☁mania

Concluding, IDC IT Security Roadshow is a professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats. This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is advising security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.




IDC IT Security Roadshow: Cybersecurity as Key Business Effectiveness

IDC Sala

1st article*: A professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats.

Data security has always been one of the critical points in the IT industry, which has developed a real phobia for understanding, prevention and threat intelligence that addresses the inherent vulnerabilities of a system. The digital revolution generated by large technologies adoption in business processes has led on the one hand to mitigate risks but also generated new threats associated with key unexplored.

In his permanent engagements in innovative technology research and new trends adoption, IDC is developing a large frame of activities dedicated to data security and data privacy issues. Part of this engagement, IDC IT Security Roadshow examines global and regional trends related to security and provides actionable advice and best practices for organizations in an era of digital transformation.

IDC 3rd PLatformOrganizations increasingly invest in 3rd-Platform technologies primarily to spur business efficiency and improve business agility, and transform themselves into digital enterprises. These digital enterprises have dedicated fewer resources to securing their 3rd Platform-enabled technology infrastructure in recent years. They are now giving a higher priority to deploying advanced security solutions, as next generation technology investments pose higher security risks. IDC predicts that by 2017, over 10% of security investment will be spent in connection with personal data protection and regulatory compliance.

This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is inviting security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.

IDC IT Security Roadshow 2016 is first of all a powerful concentration of forces to communicate, to invite, support and disseminate information of the highest value to a heterogeneous community of specialists. It’s hard to organize and to hold an event. IDC Security Roadshow includes 20 events, in 20 locations in 18 countries from CEMA region, addressing over 3000 experts.

Bucharest was the 10th Roadshow location, after  the conferences that have already taken place starting February in Kiev (Ukraine), Prague (Czech Republic), Moscow (Russia), Belgrade (Serbia), Zagreb (Croatia),  Nicosia (Cyprus), Budapest (Hungary), Bratislava (Slovakia), and  St. Julians (Malta).

Until September 2016, other ten conferences will be held in: Warsaw (Poland), Almaty (Kazakhstan), Athens (Greece), Tbilisi (Georgia), Baku (Azerbaijan), Minsk (Belarus), St. Petersburg (Russia), Cluj (Romania), Vienna (Austria), and Tashkent (Uzbekistan).

Tomas Vavra

Thomas Vavra – Associate Vice President Software, IDC CEMA

Bucharest conference gathered together leading specialists in IT and cyber security independent experts, recognized analytics and key market players to discuss about:  threats and vulnerability management, identity & access management, Web security & mobile security, network security, endpoint protection and threat intelligence security services.

Within last three years, many Romanian companies were exposed to an increasing number of cyber-attacks and were forced to take emergency measures to prevent the threat and overcome the consequences. Unfortunately, the number of cyber-attacks will continue to increase exponentially in the coming years. During his introductory keynote, Thomas Vavra – Associate Vice President Software IDC CEMA, presented a series of facts shaping Romanian IT security landscape related to cybersecurity law adoption and the critical importance of European efforts toward a harmonized regulation frame for all the countries. European Data Protection and EU-US Safe-Harbor Privacy Shield are key part of European Commission strategy to create the Digital Single Market.

EU Originl Data Protection Keyboard

Source: EU Commission

A happy coincidence made that just during the conference in Bucharest in April 14th, the European Parliament announced final vote for the long-awaited General Data Protection Regulation (GDPR). EU members will now had two years to implement the new regulations, proposed by former EU justice commissioner Viviane Reding four years ago. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

Made in practice, GDPR will give citizens of all 28 member states more information on how their personal data is processed, presented clearly and understandably. They have now the right to know as soon as possible if their personal data is ever compromised, while the “right to be forgotten” has been clarified and strengthened. It will also become easier for people to transfer data between service providers, with the introduction of a right to data portability. The EU also said it saw benefits for businesses, with companies having only to deal with one supervisory authority across the EU, as opposed to one in each member state in which they operate.

IDC’s critical considerations exposed by Tomas Vavra in Bucharest refers to the necessity for a correct evaluation of the impact of proposed data protection rules by a continuous monitoring of data processing procedures. Extending existing solutions to meet specific requirements of national and regional data protection regulations is also a must. Any company and any organization had to plan ahead to have data protection solutions in place prior to their impact in business and operations.

IDC Top 3 Cybersecurity Predictions

#1: Data Protection Regulations – By 2019, 25% of security spend will be driven by the EU and other jurisdictional data regulations, leading to a patchwork of compliance regimes;

#2 Data Breach Impact – By 2020, more than 1.5 Billion People will be affected by data breaches, increasing calls for regulation and alternative authentication measures;

#3: Biometric Authenticated Transactions – By 2020, one-fourth of all worldwide electronic transactions will be authenticated biometrically, driven by the use of biometric-enabled devices.

What is clear in this moment is organizations should rethink their security strategies and to adapt their prevention and protection platforms to the new paradigm. In the actual context of digital transformation, data protection and data privacy are between most disrupted factors. Cloud intensive adoption, Internet of Think platform impact in all industries and mobile apps explosion opened new fronts for new vulnerabilities and more dramatic threats.

IDC Sala 3Adoption of 3rd platform and innovation driven business demands security evolution. Next-generation security solutions should be designed for distributed architecture, incorporating intelligent threat tools offered by Big data and Analytics technologies and data security anomaly detection based on contextual awareness and machine learning advanced mathematical models.

One of the newest and most emerging trend in data security is integration of biometric identification technologies. IT providers have quickly adopted alternative identification technics launching new smartphone models with fingerprint sensors, electronic payment with fingerprint reader as secondary validation system, voice recognition sensors in call centers, facial recognition scanners at events, or iris scan authentication at ATMs.

Unfortunately, a long series of incidents caused by hackers who broke biometric safety barriers and stole entire fingerprint data bases dismounted limits of new technologies credibility. A very active opposition is generated also by a large diversity of lobby groups demonstrating against privacy issues generated by large biometrics adoption.

In his critical considerations and advises for the industries, IDC specialists recommend a carefully adoption of biometric technologies and only as supplementary identification. Passwords are not death.  Any biometric system should be designed on deeply analysis of customer behaviour, consolidating the traditional methods of biometric data protection.

Ending opening keynote Thomas Vavra outlined the IDC’s key takeaways relating to security protection and data privacy:

  • Organizations should achieve full compliancy to rapid development of national and regional regulations;
  • Legacy security solutions are insufficient against modern and advanced threats opened by digital transformation;
  • New strategies should be based on intelligent solutions and services, engaging expert partners able to deliver proactive prevention;
  • 3rd Platform development requires optimum solution for improving identity and authentication;
  • Security specialists are key assets in any organization which should consolidate more efficient recruitment and retention program, providing also properly security training for all employees.

Concluding, we have to be optimistic. Keep strong passwords and your data will be safe. Even for security industry the best is yet to come. The staffing impact of the GDPR will be huge. More than 28,000 data protection officers (DPOs) will be required in whole Europe alone according GDPR regulations, says the International Association of Privacy Professionals (IAPP).

*Note: This is the first episode in a mini-series of articles dedicated to Bucharest conference included in the IDC IT Security Roadshow.  

Photo Sources: IDC

%d bloggers like this: