
Volume 4 | Issue 02 | February 2020

EDITOR’S NOTE

What if we could know before?

Scanning through the headlines on world affairs, I see disturbing news about the Coronavirus (2019-nCoV) in China, which is spreading to other countries. It has now been declared a global health emergency by the World Health Organization. The countries with weaker health systems are likely to be impacted the most. It is also disheartening to read about the number of people who have been infected and quarantined—and the rising death toll. I read a report on the BBC that scientists are already working on the vaccine. Another report says clinical trials could take months and we may not see the tested and approved vaccine until the end of the year. By then, a few more thousands might have died, and the outbreak might end.

Unfortunately, something similar occurs in the cybersecurity world. When a new malware emerges, it can lie hidden in systems for months, gathering information, scanning systems, and profiling users. And then it strikes, leaving little time to react.

But what if we could know all this ahead of time?

What if there was someone continually watching your infrastructure, looking for stealth malware and suspicious activity on your network? They could send you alerts and technical advisories every day or whenever a new malware is discovered in the wild. They could be your eyes and ears so that you could focus on other things that are core to your business.

That’s where cybersecurity is heading today.

According to ReportLinker Market Research, the global Managed Security Services market is expected to grow from US$24.05 billion in 2018 to US$47.65 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 14.7 percent during this period.

What is causing demand for Managed Security Services (MSS) and which services are in demand? How do CISOs evaluate security services? What is the technology that is helping to predict a malware attack?

These are some of the questions we address in our cover story, which includes inputs from global CISOs, industry analysts, and Managed Security Service Providers (MSSPs).

The issue you are reading has a new look and a fresh design. Please write to us and let us know what you think about the new design.

Editorial
International Editor: Amber Pedroncelli, amber.pedroncelli@eccouncil.org
Principal Editor: Brian Pereira, brian.p@eccouncil.org
Senior Feature Writer: Augustin Kurian, augustin.k@eccouncil.org
Feature Writer: Rudra Srinivas, rudra.s@eccouncil.org
Technical Writer: Mihir Bagwe, mihir.b@eccouncil.org
Feature Writer: Pooja Tikekar, pooja.v@eccouncil.org

Media and Design
Media Director: Saba Mohammad, saba.mohammad@eccouncil.org
Sr. Graphics Designer: Sameer Surve, sameer.s@eccouncil.org
UI/UX Designer: Rajashakher Intha, rajashakher.i@eccouncil.org

Management
Executive Director: Apoorba Kumar*, apoorba@eccouncil.org
Senior Director, Compliance & Governance: Cherylann Vanderhide, cherylann@eccouncil.org
Deputy Business Head: Jyoti Punjabi, jyoti.punjabi@eccouncil.org
Head of Marketing: Deepali Mistry, deepali.m@eccouncil.org
Marketing and Business Development Officer: Riddhi Chandra, riddhi.c@eccouncil.org
Digital Marketing Manager: Jiten Waghela, jiten.w@eccouncil.org
Publishing Sales Manager: Taruna Bose, taruna.b@eccouncil.org
Publishing Sales Manager: Vaishali Jain, vaishali.j@eccouncil.org

Technology
Director of Technology: Raj Kumar Vishwakarma, rajkumar@eccouncil.org

Tell us what you think of this issue. If you have any suggestions, comments or queries, please reach us at
editorial@cisomag.com or brian.p@eccouncil.org.
Image credits: Shutterstock

Jay Bavisi, Editor-in-Chief

* Responsible for selection of news under PRB Act. Printed & Published by Apoorba Kumar, E-Commerce Consultants Pvt. Ltd., Editor: Brian Pereira.
The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.

INDEX

BUZZ: How Small Businesses Can Protect Themselves from Cyberattacks
INSIGHT: Deception Tactics in Cybersecurity: Human Lab Rat
COVER STORY: Big Brothers and Guardian Angels
TECH TALK: Interview with Chris Wolf, Vice President and CTO, Global Field & Industry, VMware
KICKSTARTER: Cyfirma brings Cyberthreat Intelligence to the Fore
REWIND: Top newsmakers and the hottest cybersecurity news of the month.

BUZZ

HOW SMALL BUSINESSES CAN PROTECT THEMSELVES FROM CYBERATTACKS

Zack Schuler, Founder & CEO, NINJIO

When most people think of cyberattacks, major data breaches at humongous companies like Equifax and Yahoo typically come to mind. This is perfectly understandable, as these are the attacks that impact the most people and always make headlines. But cybercriminals don’t limit their attacks to large companies—they also target countless small businesses every year. And in many cases, these attacks destroy businesses and livelihoods.

Top 7 Stats from Report

» Every year cyberattacks cost small businesses an average of almost US$80,000, and losses can range up to US$1 million.
» A survey reports 88 percent of small business owners felt their business was vulnerable to a cyberattack.
» Almost two-thirds of small businesses fail to act following a cybersecurity incident.
» 56 percent of SMBs say defending mobile devices from cyberattacks is extremely challenging.
» The top three attack vectors cited by SMBs are mobile devices, laptops, and cloud systems.
» Just 16 percent of SMBs are “very confident in their cybersecurity readiness.”
» 60 percent of SMBs lack a “cyberattack prevention plan.”

There’s no reason to put it delicately: The state of cybersecurity in the world of small and medium-sized businesses (SMBs) is nothing short of alarming. Not only are SMBs relentlessly targeted by hackers, they’re also woefully unprepared to defend themselves and unequipped to handle the aftermath. This is a status quo that has to change immediately—SMBs are the biggest engine of the U.S. economy and they’re at risk like never before.

The Scope of the Problem

Every year, cyberattacks cost small businesses an average of almost US$80,000, and losses can range up to US$1 million (according to a report by the Better Business Bureau). Meanwhile, a 2018 study by the Ponemon Institute found that more than two-thirds of SMBs reported that they had been targeted by a cyberattack within the preceding year. Substantial majorities of SMBs also agree that cyberattacks are becoming more targeted, severe, and sophisticated, but despite these facts, almost half of respondents say they have no understanding of how to protect against cyberattacks.

A recent survey by the U.S. Small Business Administration found that 88 percent of small business owners felt their business was vulnerable to a cyberattack. However, due to resource constraints, a lack of technical expertise, and the rapid pace of change in the cybersecurity world, they often feel helpless or ill-prepared to defend themselves against the vast range of cyberthreats they face.

In fact, a survey of more than 4,100 SMB cybersecurity professionals recently conducted by Forrester found that almost two-thirds of small businesses fail to act following a cybersecurity incident. Even when the threat is right at their doorstep, many SMBs don’t know what to do.

The World is Changing for SMBs

There are many factors that contribute to the challenging cybersecurity situation for SMBs. First, digital operations are no longer optional for any company—even if your market is small and local, consumers are increasingly demanding the ability to do all their business online.

SMBs are changing the way they operate in the digital era. For example, a 2018 Cisco survey of SMBs found that the percentage of their networks that are on the cloud increased from 55 percent to 70 percent between 2014 and 2017. While almost 70 percent of SMBs say they’re making this transition for security reasons, an increased reliance on cloud-based services can also open up new vulnerabilities.

Meanwhile, other aspects of the digital transition have proved difficult for SMBs, 56 percent of which say defending mobile devices from cyberattacks is extremely challenging. Ponemon reports that the top three cyberattack vectors cited by SMBs are mobile devices, laptops, and cloud systems.

The Ponemon report also discovered that issues such as a lack of money, out-of-date cybersecurity technologies, and insufficient personnel are all major obstacles cited by SMBs. But the main threat cited in the report is employee negligence, as phishing/social engineering attacks were reported more than any other, while negligent employees or contractors were cited as the top root cause of the data breaches.

How SMBs can Protect Themselves

According to the Forrester survey cited above, just 16 percent of SMBs are very confident in their cybersecurity readiness. Despite the fact that SMBs are increasingly concerned about cybersecurity, Forrester also found that almost half of them don’t have a clearly defined strategy for protecting themselves. This is a common theme in surveys of SMBs. A 2019 Keeper survey found that 60 percent of respondents lack a cyberattack prevention plan.

SMBs have to start taking cyberthreats more seriously, and this starts with education—for business leaders as well as employees. Many SMBs have convinced themselves that they’re incapable of protecting themselves from cyberthreats, but this couldn’t be further from the truth. Not only are there powerful security tools at their disposal—such as data-at-rest encryption and multi-factor authentication—but they’re also capable of turning one of their biggest vulnerabilities into a strength.

Human error is by far and away the biggest cause of cybersecurity breaches. While this is disconcerting, it’s also empowering—when SMBs make cybersecurity training a top priority, they can drastically reduce their risk without spending tens of thousands of dollars on cutting-edge digital solutions. This isn’t to say technology isn’t an important element of cybersecurity, but it’s always worth remembering that the most advanced piece of hardware on the planet is the human brain.

About the Author

Zack Schuler is the founder and CEO of NINJIO, a cybersecurity awareness company that empowers individuals and organizations—from Fortune 500 companies to small businesses—to become defenders against cyberthreats. Prior to launching NINJIO, Zack was the founder and CEO of the IT services company Cal Net Technology Group. In addition to his entrepreneurial pursuits, Zack is a member of the Forbes Technology Council and he’s on the board of governors for Opportunity International, an organization that provides microfinance loans, savings, insurance, and training to more than 14.3 million people who are working their way out of poverty in the developing world.

Disclaimer: CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

INSIGHT

Deception Tactics in Cybersecurity: Human Lab Rat

Dick Wilkinson, IT Security Officer, New Mexico Judicial Information Division

Deception has been a defense strategy in military and intelligence programs for hundreds of years. As cybersecurity techniques mature, we continue to borrow proven methods from more traditional security industries. Deception in the military setting is often as simple as setting out decoy items that create a false image of strength or create a feint to distract the enemy from the real intentions of your campaign. In the cybersecurity setting, we look to honeypots as the clear example of a deception tactic. Most people in the cyber field would say we are not using deception in a thoughtful or mature way. Honeypots are simple and usually easy to spot once you find your way into one. Creating decoys on the network seems like a waste of time and precious computing resources, so what would the benefit be to deception techniques in network defense?

Deception Experiment Through Penetration Tests

An American Federally Funded Research Lab ran an experimental series of penetration tests to study how deception or even the illusion of deception might impact a malicious actor’s methods or chance at success. I had the unlikely chance to participate in this event as a human test subject. I happened to be looking for some short-term contract work and a two-day pen test event came up in my search. The pay seemed very generous and the details very light. I had to follow through and see where this event might lead. Only upon final contract signature did I find out the event was a human test subject experiment.

The experiment was designed to measure stress and cognitive response to a complex network environment. The room was built with private stalls with no interaction between participants. Each test subject was issued a biometric measurement watch that measured heart rate and other stress markers. Each stall had two computers, one to launch attacks against the test environment and the other for research on the external internet. All activity on both machines was recorded via screen capture. Over the course of two 8-hour sessions on consecutive days, each person was given a vague set of instructions to penetrate the network and collect all data that could be interesting in a pen test report; demonstrate vulnerabilities, exploits and access, and then report your findings. The test hinged on one sentence in the instructions of some users but not in the instructions for others. The instruction: Look for signs of deception on the network, and if found include in your report.

Reality or Deception?

The idea of deception on the network was meant to lead you into a false sense of self-doubt. Do I slow down? Do I second guess every step to look for reality or deception, or do I just get on task and start collecting data? The real world does not have many networks with deception present. Almost no pen test methodology is taught with deception in mind; we believe what we see is real and we execute accordingly. Even the idea that deception might be present is a very unusual prompt for a pen tester or hacker. I was one person with the deception present in my instructions. I sat for eight hours running down rabbit holes only to find one completely void virtual machine after another. I then sat for an hour of psychological tests asking if I felt frustrated or misled or if my confidence was in question. The next day was more of exactly the same. In this case, while I can’t truly establish my own personal baseline, I feel certain deception ruined any chance of success for me. The myriad of easy to see and useless to penetrate machines left me scratching my head.

Mixed Results

The results of this project were published with very little conclusive evidence other than that the testing method was valid and deception may impact behavior. The final note of the report was to encourage further research into enhanced deception techniques. The lesson learned for network operators and network defenders from these experiments is that deception will have mixed results and only a thoughtful plan could lead to enhanced protection. The balance of resources invested vs. results gained would be hard to prove. Creating deception for a specific type of attack method may yield some results but again, proving a negative would be a challenge. Only the most mature security program should even consider deception techniques and it should not be at the cost of other resources.

About the Author

Dick Wilkinson is the Chief Information Security Officer on staff with the Supreme Court of New Mexico. He is a recently retired Army Warrant Officer with 20 years of experience in the intelligence and cyber security field. He has led diverse technical missions ranging from satellite operations, combat field digital forensics, enterprise cybersecurity as well as cyber research for the Secretary of Defense.

Disclaimer: CISO MAG does not endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. Views expressed in this article are personal.

WATCH OUT FOR THE LEADERS IN NETWORK SECURITY IN OUR APRIL 2020 ISSUE

With a growing readership comprising of over 50,000 senior cybersecurity leaders and influencers from across the globe, CISO MAG is proud to bring back the Power List—a publication that gives cybersecurity companies who have over the years been at the forefront of innovation and versatility, a podium for exposure. Like our previous editions of the Power List, CISO MAG will again give an opportunity to innovative brands to share the stage with the giants in the realm of the information security sector to make a mark for themselves and become the very best companies to be tracked in the future.

The first Power List issue of the year will address one of the biggest areas of concern in cybersecurity—Network Security.

From the Sony hack to tampering with the last U.S. Democratic elections, the world remained a witness to the havoc that can be wreaked by unsecured networks. These instances testified the fact that the fabric of the world can be distorted by cyberattacks and it is now of paramount importance that the networks stay secure. The Power List issue this April will focus on the global trends in Network Security and the disruptors in the space.

If this isn’t enough, we also bring you our exclusive Network security survey in this special issue. The survey will garner responses from the leaders in the cybersecurity space on making crucial decisions like choosing the network security provider, deployment of virtualized firewalls, migration toward the cloud, among several other things. The survey will also identify gaps in Network Security which needs to be addressed in global markets.

All this is just an overview of what to expect from the first Power List of 2020. We also take this opportunity to call upon revolutionary Network Security companies to share their stories with us so that they can be the legends of tomorrow. We are all ears!

Reach out to CISO MAG at marketing@cisomag.com to nominate yourself to be a part of Power List.

An EC-Council Initiative

COVER STORY
MANAGED SECURITY SERVICES

BIG BROTHERS and Guardian Angels

Brian Pereira, Principal Editor, CISO MAG

Big Brother is a fictional character in George Orwell’s dystopian novel Nineteen Eighty-Four, published in 1949. The story is about an imaginary state called Oceania, where there is great suffering and social injustice. Its citizens are under the constant surveillance of the governing authorities, mainly through telescreens. The people are constantly reminded of this through the slogan “Big Brother is watching you.” Today, “Big Brother” denotes abuse of government power, particularly in respect to civil liberties, often specifically related to mass surveillance. But “Big Brother” is not always negative. In the context of cybersecurity, an enterprise needs a “Big Brother” or “Guardian Angel” to watch over its infrastructure. And so, our cover story focuses on the companies who look after your IT infrastructure through managed security services (MSS). We’ve got viewpoints from global CISOs, industry analysts, and Managed Security Service Providers (MSSPs).

Here are the key findings of our research:

Every type of business and industry is vulnerable

All businesses, regardless of size and sector, are exposed to cyberattacks today. Organizations are digitizing and connecting infrastructure to the cloud and the Internet. Even manufacturing companies, which for decades used operational technologies (OT), are now using SCADA (supervisory control and data acquisition) and IoT devices that are prone to cyberattacks. Ransomware impacted several healthcare companies in 2019.

Malicious actors tend to compromise intellectual property, financial data, credit card details, personally identifiable information (PII), electronic health records (EHR), customer transaction records in retail, blueprints for components, business secrets—and sell it on the Dark Web.

Threat landscape is expanding; nature of attacks is sophisticated

To make threats more sophisticated and targeted in nature, threat actors are employing artificial intelligence, machine learning-based techniques, and stealth technology.

D.C.S. Hariharan, Information Security Risk & Compliance Head, Syngene International Ltd., said, “The emergence of threats such as DDoS attacks, targeted ransomware, cyber extortion, and advanced malware attacks, has led to a higher uptake of advanced security solutions.”

Shortage of experienced manpower

The lack of cybersecurity skills and declining security budgets has made it impossible for organizations to monitor its infrastructure effectively and block recurring attacks.

This is more so in the case of small and medium businesses and government organizations that don’t have budgets for hiring high-salaried security professionals.

Dick Wilkinson, IT Security Officer, New Mexico Judicial Information Division, informs us that, in the U.S., a shortage of qualified security employees is driving companies to use a shared resource like a MSS provider or a SOC (Security Operations Center).

“Security employees are in high demand and thus more expensive to hire, so the coverage of an MSS SOC can be a way to close that gap at a lower cost,” said Wilkinson.

Regulation & Compliance

With the introduction of new regulations and compliance mandates, organizations will find it a challenge to keep up and yet focus on their core businesses. Non-compliance can also prove to be expensive and lead to business losses, as we have seen in the case of GDPR.

“Organizations must have in-depth knowledge of current privacy laws, regulations and compliance frameworks that affect their business,” said Jason Albuquerque, Chief Information Officer & Chief Information Security Officer, Carousel Industries, Inc. “With the rapidly changing governance, risk and compliance landscape, it becomes extremely difficult to stay up to date with these changes. For this expertise, organizations can look to MSSPs for help.”

MSSPs have experts on compliance and regulation and they can ensure adherence to regulations for data localization, storage and protection requirements.

“Global MSSPs must have a global data management strategy to be sure that they are not adding business or compliance risk to their clients. Also, to add additional value for the customer, these subject matter experts can act as consultants to the clients to help build strategies to strengthen their security posture,” added Albuquerque.

Traditional security monitoring is inadequate

Traditional security monitoring practices don’t stand a chance when it comes to detecting and blocking modern-day threats. Two traditional approaches, SIEM (security information and event management) and LM (log management), are no longer enough.

“There is a need to have next-generation security operations where Managed Detection and Response (MDR) providers can support enterprises by providing advanced detection, faster incident mitigation, global threat intelligence, and deep threat analytics,” said Hariharan.

Pankit Desai, Co-founder and CEO at SEQURETEK, said, “Companies are now seeking MSSPs with an integrated model. Earlier, there were separate entities for monitoring, for response, and managing. Today there is a capability that looks at identification to remediation and response, to detection. You need one value chain—someone who orchestrates it end-to-end.”

The move to Managed Security Services

Boards in companies take cybersecurity very seriously today, more so after digitalization. A cyberattack on IT infrastructure could bring business operations to a halt, peeving customers, partners, and shareholders. That could lead to a decline in the share price of a company, loss of customers, and irreparable damage to its reputation.

An organization can take two paths to reduce the chances of that happening: They could either have an in-house security team working round the clock in shifts to monitor and manage infrastructure. The other option (and a more cost-effective one) is to outsource their security management to a third-party or MSSP.

According to ReportLinker Market Research, the global managed security services market is expected to grow from USD24.05 billion in 2018 to USD47.65 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 14.7 percent during this period.

What shifts do you see in Security Services, as compared to two years ago?

D.C.S. Hariharan, Information Security Risk & Compliance Head, Syngene International Ltd.

Enterprises are looking to enhance their security posture through MSS solutions because of the expanding threat landscape, growing incidents of ransomware, increased adoption of IoT devices, and migration to the cloud.

The increasing adoption of IoT and SCADA devices has made the security landscape even more complex, and organizations need to deal with securing and detecting threats across an expanded attack surface.

The lack of in-house talent and the constant push to meet regulatory compliance also drive the adoption of MSS solutions.

Mandeshpal Singh Banvet, Regional Head of Cybersecurity Product Strategy (APAC), Verizon

From a growth standpoint, cybersecurity has shown continuous growth in Asia and—given the visibility in this space—this is not expected to change. If we look at it from a visibility standpoint, the conversation of security has basically moved from the IT department into the boardroom. Over the last ten years, we used to have two engineers sitting in the IT department supporting the firewall and that was sufficient from a security standpoint. But a transition has occurred. When a breach occurs today, it affects the brand of the company, reputation and the stock price. Earlier, what used to be an IT risk security has now changed to an enterprise security risk.

Pankit Desai, Co-founder and CEO, Sequretek

For a very long time security hidden under the realm of infrastructure was treated as one of many tasks. The shift in mindset has led to it being an independent tower with leadership as well as niche partners who can provide the attention to address the specific domain challenges.

The second shift is creation of informal and formal networks for knowledge sharing. The industry now, instead of being insular and secretive, leans on each other to benefit from each other’s learnings.

The third shift is moving from independent components of detection, management and monitoring to finding a way to own complete kill chain from identification to response.

Lastly, security impact focus has moved from large to small enterprises and from financial sector to other industries. As there is no set pattern of who gets impacted.

Rebecca Wynn, Global CISO & VP Internal Audit, [24]7.ai

As we find it harder to employ security staff, it becomes practical to outsource cybersecurity to those who have managed to have a strong pool of security experts. Additionally, companies feel the pressure to comply with more stringent data privacy legislation, notably the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Many have put their trust in managed security service providers (MSSPs), who they hope will have the knowledge and experience to help them avoid a costly data breach and/or regulatory fine.

Jason Albuquerque, CIO & CISO, Carousel Industries, Inc.

Without question, demand is strong and growing. The global managed security services market is expected to grow from US$24.05 billion in 2018 to US$47.65 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 14.7 percent during this period (source: ReportLinker Market Research). There are a multitude of reasons serving as catalysts for this growth, but with the severe—and worsening—shortage of global cybersecurity talent, more enterprises are relying on third-party service providers for their resources, skills, and subject matter expertise to fill that widening gap. We are certainly seeing an increase in client interest in this area and expanding our team as a result.

What is driving demand for Managed Security Services?

Globally, we observe an uptick in the adoption of MDR services. Several new security product vendors and security consulting firms have increased the competition for existing players in this segment. The evolved regulatory landscape further supports the market growth, as now these regulations are more focused on breach detection, notification and disclosure. The MSS market is growing at a steady pace, as the focus on managed security information and event management (SIEM) services improved globally. Lastly, the challenges with security staffing and conservative budgets facilitate this growth, as enterprises seek cost-efficient ways to secure their systems.

The Managed Services market is rapidly growing, owing to the increasing threat vectors, emerging technologies and stricter cybersecurity regulations around the world. The traditional in-house management of IT infrastructure is becoming expensive, and companies seek greater predictability in their IT budgeting, reduction of operational risk and the ability to better exploit the advanced features of today’s technologies.

The Managed Services business model offers a huge opportunity, which enables organizations to offset shrinking margins on product sales, to address increased customer demand for out-

The pay-per-use model for managed services is growing. Adoption in other sectors is also growing because of the compliance and security mechanism, which is required when companies in these sectors are going digital. Earlier the distribution happened through written orders on paper. Now the orders are coming in mainly through the digital channels. This can be your order management solution, SCM, ERP, or your billing system. When you have those kind of systems, which are exposed to the Internet for your distributor, dealer, or consumer to order, then you not only need basic hygiene, but also a strong security system in place to have your continuity of business maintained via digital channels.

They have new requirements for governance and security of the different digital channels. And the fast-

I
sourced IT services—and free the internal staff est way to achieve this compliance and (high level of
Rajpreet to focus on strategic projects. Also, with the intro- n America, a shortage of qualified securi- security) is to outsource it to a managed service pro-
duction of the cloud, hardware is quickly becoming ty employees drives companies to using a vider who is well-versed with the nuances of man-
Kaur an afterthought. The MSP becomes a strategic IT ad- shared resource like an MSS provider. Secu- aged security service, and can make you secure and
Principal Analyst visor, averting problems and making recommenda- rity employees are in high demand and thus compliant, and run the show (operations) without
tions regarding future technology needs. more expensive to hire, so the coverage of taking too much time to deploy it.
Gartner an MSS SOC can be a way to close that gap
As the volume of breaches and the threat perime- at a lower cost. If you do it in-house then the time-to-market will be low.
ter are expanding, the managed service business And you also need to build high skills in-house. Compa-

F
is moving beyond the price war and customers are Government employees, for example, are often as- nies in manufacturing or pharma, for instance, are more
focusing more on quality and efficiency rather than signed to strict pay scales described by local stat- focused on their business and cannot acquire these high
pricing. ute. It may not be possible for a government office level skills in-house. They are more focused on their
rom where I sit, I see a not-sur-
to offer a competitive salary to even a junior securi- core business of manufacturing, distribution and sales.
prisingly small uptick, maybe
ty professional. Outsourcing the need to an MSS They are not keen to invest in in-house security.
3–5 percent overall. I think that
may be the best choice to gain at least some lev-
sunk capital is probably the
el of advanced protection if you can’t attract the
main driver behind the stunted
right talent.
adoption. As those contracts
begin to fall off over the next Jaspreet
several years, I would guess
more will turn to MSSP for multiple services. Singh
Partner -
Dick
Robert S Cyber Security
EY Wilkinson Manish Israni
Turner IT Security Officer Head of IT Operations
IT Director New Mexico & CIO
Bronson Judicial Yotta
Methodist Information Infrastructure
Hospital Division

30 - CISO MAG - February 2020 Vol 4 - Issue 02 VolVol


4 -4Issue 0202
- Issue February 2020
February - CISO
2020 MAG
- CISO - 31
MAG - 31
Using an MSS firm can be an efficient way of obtaining the next level services a growing business requires--as it moves from very small, to a size where it will potentially need to more rigidly follow various security frameworks and undergo external audits. At the same time, these growing businesses may come under greater scrutiny by cyber criminals, especially as the data they are protecting grows and becomes more valuable.

The business needs to mature its InfoSec and Privacy practices in line with the increasing value of the company and the data it must protect. The risk appetite for a business decreases as it grows, particularly if it exposes itself to new threats by expanding its online presence; this is even more of a factor if the online presence is revenue generating. Protecting that new revenue stream and the new volume of data can drive the demand for an increase in security services. Additionally, as many hiring markets are extremely competitive, attracting and retaining specialized security talent is becoming increasingly difficult. MSS offers an appealing option, having done the legwork to attract talent already.

Robert Pellerin, CISO / CSO / IT Director, Valetude / Veracross

Large organizations have invested or are investing heavily in securing themselves with state-of-the-art security solutions and resources. For the threat actors, it becomes difficult to bypass / attack large organizations because of their high level of security. So instead of targeting large enterprises, which may take a longer time for them to penetrate, we are seeing that bad guys / threat actors target SMB companies, because the security level in smaller companies is not high as compared to large organizations. This eventually results in the threat actors spending less time (when compared to attacking a large organization). So, if they take, say five to six months of sustained effort in penetrating a large organization, they could get through multiple SMBs in the same time frame.

Altaf Halde, Global Business Head, Network Intelligence (I) Pvt. Ltd

Availability versus demand of security talent, economy of scale and perceptions about the relative importance of security investments are among the main drivers toward managed services. In large and very large companies, complexity, speed and increased appetite for risk can help create a clearer business case to develop in-house capabilities, including security operations centers.

Robert S Turner, IT Director, Bronson Methodist Hospital

Security Outsourcing is happening across the board but in slightly different ways. The large enterprises typically want most services to be done within their own premises. Whereas, small and medium enterprises typically want most services to be done remotely, with little or no onsite presence. From a percentage point of view almost 75 percent of it happens between small and medium-sized enterprises.

Across all segments, the key reasons for security outsourcing happens to be:

a. Compliance and regulatory guidelines
b. Lack of in-house skills that are needed to run security operations
c. High attrition levels among security professionals
d. High costs to sustain operations because of non-availability of shared support

In addition to the above, large enterprises have a few more issues:

a. Managing and operating a multi-vendor environment (security is a fragmented market)
b. Effective security operations also require a good understanding of other related technologies including network, datacenter, applications and cloud computing

Balaji Subramaniam, Head - Cyber Security, NTT Ltd. (India)

Compliance, privacy, data protection laws and digital business risk will continue to increase concerns at the C-Suite and Board levels. This, coupled with the severe talent shortage, will compel more customers to partner with managed security services providers to meet their needs.

Jason Albuquerque, CIO & CISO, Carousel Industries, Inc.

The relentless rise in threat levels has been a catalyst for extraordinary growth in the Managed Security Services market. A growing number of enterprises are choosing to outsource their network security service requirements to better equipped third parties. The outsourcing trend represents a boon for value added service providers seeking to expand their repertoires. These organizations are becoming important customers for security solutions as in the past it has been challenging for the customers and the CIOs to integrate their different solution providers. The rapidly growing appetite for cloud computing across the corporate sphere is also encouraging customers to engage MSPs for a holistic solution encompassing on-prem and as-a-service security solutions.

Mandeshpal Singh Banvet, Regional Head of Cybersecurity Product Strategy (APAC), Verizon

What type of Security Services are in demand?

Security Services, including cybersecurity testing and analytics, as well as penetration testing, vulnerability assessments, network security assessments and red/blue teaming will be in demand. We also see demand for Cybersecurity Program Assessments/Management, Risk Assessments/Compliance.

Additionally, several Managed Security Services will continue to be in high demand. These include SOC, SIEM and log management, asset discovery, vulnerability management, security automation, endpoint detection/response, intrusion detection/response and threat detection/hunting, including threat intelligence and incident response.

Jason Albuquerque, CIO & CISO, Carousel Industries, Inc.

MSS providers are constantly working towards building intricate and robust threat monitoring systems. Keeping up with the wave of digital transformation, MSSPs are also harnessing the power of new-age technologies such as cloud, AI/ML and deep learning. Today, threats evolve faster than reactive defenses can keep up. That’s why automated, predictive abilities of the machine and deep learning technologies are gaining importance to counter modern threats through predictive analysis and network behavioral analysis.

MSSPs are also delivering security services and software on the cloud (Security as a service or SECaaS). This trend is gaining popularity because of its affordability and interoperability, while still providing the leading and updated security tools to user entities.

The model of managing everything as a service (XaaS) is increasingly being adopted by the managed service providers, who help their clients with services such as implementation, integration and the day-to-day management of the solution. The future presents opportunities for the IT channel and managed services providers that will help organizations to adhere to regulations, reduce costs, streamline and ensure operations and improve customer’s experience.

Jaspreet Singh, Partner - Cyber Security, EY

MSSPs’ portfolios include one or more of the following managed services: security event monitoring and response services as well as other services that may be specific to the MSSPs’ core market (such as IT outsourcing or telecommunications). Additionally, it includes, security technology administration and management of firewalls, unified threat management (UTM), intrusion detection and prevention system (IDPS), an endpoint protection platform (EPP), endpoint detection and response (EDR), a secure web gateway (SWG) and a secure email gateway (SEG).

Rajpreet Kaur, Principal Analyst, Gartner

Large organizations having their own SOC are using AI, Big Data and Analytics, and are also looking at deploying SOAR platforms. Whereas some MSSPs have their own Big Data Platform that is provided as a service to customers. This helps the Incident Handlers & Threat Hunters do a more effective job on the outputs that the systems deliver.

It is important that organizations have a running practice for Threat Hunting, Threat Intel & Automation. Many security organizations have declared that it takes an average of 206 days for a threat actor to be detected. This makes it imperative for organizations to proactively conduct Threat Hunting, depute decoys, subscribe to various Threat Intel feeds, and use AI and Machine Learning so that they are one step ahead of the threat actors.

Altaf Halde, Global Business Head, Network Intelligence (I) Pvt. Ltd

Historically, the most beneficial service would be staff augmentation to reach a 24x7x365 response model. Increasingly, I am seeing threat intelligence, SIEM platform hosting and threat hunting services. The number of resources needed to fully staff internal services is beyond most SMBs. I would think that would be a minimum of six full-time equivalent staff, just in the monitoring service. Threat intelligence and hunting would be services that most small shops would not have, mostly due to conflicting internal priorities and fiscal management. In other words, they would be viewed as “extras”. Services such as security platform engineering, vulnerability scanning and reporting and patch management are less likely to be outsourced, due to the necessary internal knowledge of integrated systems and support culture.

Robert S. Turner, IT Director, Bronson Methodist Hospital

You will see more adoption of cloud and managed security services. When an organization moves its infrastructure to the cloud, it ensures that the security was much better than what it was on-premises. When you move to a service provider or a large cloud operator, you get the expertise from a scale point of view. That will expose you to more available services for you to be aligned with organic and inorganic growth of your organization. So, a Managed Services Provider will introduce more services in the MSS portfolio. The customer will also try to be more digital and use digital channels to connect to their customers. Customers will use various digital payment platforms and will be integrating those platforms and want to ensure that these are secure. Adoption for cloud, moving to outsourcing, and with new managed service providers coming in, all this will expand this market, with different kinds of solutions.

Manish Israni, Head of IT Operations & CIO, Yotta Infrastructure

MSSPs have recently gained prominence in recent years as SMBs become more aware of the potential effects of a cyberattack. While MSPs have been catering for the IT needs of organizations for many years, the need for a more advanced cybersecurity program to meet modern threats is a relatively new phenomenon.

Whether it’s phishing, malware, ransomware, or user error, the potential for serious breaches in the security of SMBs is growing. This is further amplified when you consider the use of mobile devices in the corporate environment increasing the number of endpoints that requires protection. In the Verizon Mobile Security Index 2019, it’s been noted that 62 percent of companies have experienced a mobile related compromise.

Mandeshpal Singh Banvet, Regional Head of Cybersecurity Product Strategy (APAC), Verizon

Good examples are IDS services where an external firm will coordinate the events and potential incidents as well as put human eyes on logs to provide the best chance of detecting anomalous behavior that could be nefarious. Additionally, many MSS providers offer “compliance guidelines” to help guide businesses new to regulations. FIMs (File Integrity Monitoring) are also commonplace offerings at this time, and many web-based MSS providers offer portals to manage incidents, request reviews, and do other bookkeeping activities.

Robert Pellerin, CISO / CSO / IT Director, Valetude / Veracross

What do you look for in a Managed Security Service Provider?

A business partner with a deep understanding of their service delivery model, deployment, and onboarding processes. They must be able to engage deeply and effectively with our team on a daily, weekly and monthly basis. They should continuously provide 24x7 incident response, data collection and analytics, orchestration and automation, managed detection and response—and have integrated processes for analyzing threat intelligence and forensic investigation.

They should also be capable of:

• Scalability to support demand, mergers and acquisitions
• True Multi-Tenancy for compliance and regulatory adherence
• Integration to existing security investments
• Solution Accuracy and flexibility with event monitoring to fit my risk and business needs

In their Services, critical requirements include modern or current experience, a robust incident response capability and the ability to develop and meet or exceed metrics that align to my risk-based security strategy.

On a high-level, when choosing any managed services offering, you must make sure your provider is available to you 24 hours a day, 7 days a week, every day of the year. Your business depends on it. They also need to respond quickly to your needs and problems. Make sure that your IT provider does not forward calls to a call center but responds in a timely manner. Look for guaranteed response time. They should assist you with yearly planning and look for ways for you to save money and improve efficiency. The MSSP needs to be forward thinking and looks out for your interests.

Choosing an MSSP is a complex decision for any organization. The chosen MSSP will be a long-term partner for the organization, acting as an extension of the internal security team. This type of relationship with a security provider can deliver real benefits.

Rebecca Wynn, Global CISO & VP Internal Audit, [24]7.ai
Jason Albuquerque, CIO & CISO, Carousel Industries, Inc.

Depending on the services I need, I would prioritize a hosted SIEM, the ability to ingest my organization’s data logs, the ability to provide meaningful and actionable output, including reports, threat intelligence and SOC services. Of course, all of this must be provided at a cost that is appropriate to a non-profit. I have a lot of sales folks trying to convince me that a specific service is worth a specific asking price. The simple fact is that, if the organization can’t afford it, it doesn’t matter how good the product is.

What I have been asking my vendor for is either customizable reporting or direct access to the data to allow meaningful metrics, such as containment and eradication times. I have also been discussing ticket management within the SIEM so that my team can add case artifacts and case management detail. Some help desk systems support this, but I would prefer an out-of-band platform that is better integrated with the SIEM itself.

Robert S. Turner, IT Director, Bronson Methodist Hospital

The top considerations (which are just a sampling of a more broad list of selection parameters) are that first, the vendor must match our needs closely enough that we don’t have to make significant operational changes to utilize the service, unless we are purposely looking to make changes to mature or improve practices. Next, the provider must be a dedicated and “badged” practitioner, meaning that they must follow at least the same external audit scrutiny that most growing businesses must do as a baseline to ensure that best practices are being followed and continuous maturity is part of their culture. Next, depending on the service, access to live expert help being available to explain potential threats and incidents in more detail and recommend action. My business colleague, Mike Martell, who is currently managing a large SaaS implementation adds, “For organizations whose production infrastructure lives in the cloud, finding a vendor who is “cloud native” is very helpful. Not only do their staff understand special considerations when dealing with virtualized or container-based deployments, but often their technical approach is light-weight, built to work within existing cloud infrastructure, and often paired with a modern portal / management suite.”

Robert Pellerin, CISO / CSO / IT Director, Valetude / Veracross

CONCLUSION

Older methods of threat detection and response are inadequate to detect and contain modern day threats, which have grown in volume and sophistication. Declining Security budgets and the shortage of skilled manpower mean an in-house team would be inadequate and inapt to monitor and manage the cybersecurity needs of the organization.

While small and medium businesses took the lead in outsourcing their security management to MSSPs, the large enterprises are now treading the outsourced path.

The MSSPs on their part become custodians of the enterprise’s data and infrastructure and must shoulder the responsibility of protecting it. This needs to be ascertained through SLAs and contracts with third-party service providers.

The MSSPs also need to secure their own infrastructure, because threat actors have set their sights and pointed their weapons on MSSP infrastructure—which is a gateway to their customers’ infrastructure.

Therefore, an organization should do its due diligence when selecting an MSSP. The crucial things that CISOs look for are deep knowledge and experience in service delivery. Everyone wants high engagement, high availability and immediate incident response 24x7x365 from their MSSP.

Automation, managed detection and response, integrated processes for analyzing threat intelligence, and forensic investigation are on every CISO’s wish list.

This year we will see traditional Managed Service Providers and managed hosting providers become MSSPs, offering Managed Security Services or partnering with MSS/MSSP organizations to offer full scope IT services with security embedded as a core function. These traditionally siloed organizations are converging in order to create competitive advantage in the market, address customer needs and gain economies of scale.

TECH TALK

SECURITY HAS TO BE INTRINSIC AND BAKED IN AT THE TIME THE APPLICATION IS BORN

INTERVIEW

CHRIS WOLF
VICE PRESIDENT AND CTO, GLOBAL FIELD & INDUSTRY
VMWARE

Chris Wolf serves as CTO, Global Field, and Industry at VMware. In his role, he is responsible for shaping VMware’s long-term technology vision while ensuring that Research and Development priorities align with customer and industry needs. Wolf’s team drives thought leadership and industry alignment in a number of emerging areas, including cloud, Edge, IoT, server platforms, HPC, and NFV. Chris also leads VMware’s 140+ member CTO Ambassador program, which further scales VMware R&D to customers and the technology community at large.

Prior to joining VMware, Chris was a Research Vice President for Gartner’s Technical Professionals service where he managed the data center and private cloud research agenda. Before that, Chris was a founding member of the Data Center Strategies team at Burton Group, an independent virtualization consultant. Wolf holds a Master of Science degree in Information Technology from the Rochester Institute of Technology and has authored several technology books.

Brian Pereira, Principal Editor, CISO MAG met Wolf to discuss how the Carbon Black acquisition will strengthen the security of VMware’s offerings. Carbon Black is a leading cloud-native endpoint protection vendor and was on Gartner’s magic quadrant 2019 as a Visionary company for endpoint protection. Post the acquisition, we will see Carbon Black’s security technology integrated into VMware’s security products and platforms.

Wolf told us that on average, every week, the VMware R&D team is provisioning 500,000 containers and more than one million VMs. With that level of agility, security has to be part of the CI/CD (Continuous Integration Continuous Delivery) pipeline, he says. Wolf talked about the emergence of intrinsic security models. Security has to be built into the application at the very beginning, he insists–and not done as an afterthought.

Excerpts from the interview follow:

How is the approach to security changing today? Why is the old approach inadequate to counter the volume and sophistication of today’s threats?

There’s recognition from our CISOs and security leaders that the security fabric needs to be more dynamic than the threats we face. Our threats are highly sophisticated and continually evolving every second. There’s a recognition that we have to invest in new ways of doing things.

Enterprises need to invest in transformational architectures—they can start with a greenfield project, build new skills internally, and train their staff on new ways to operate security, which is purely software-defined.

At VMware, we believe that security has to be intrinsic and baked in at the time the application is born. On average every week, our R&D team is provisioning 500,000 containers and more than one million VMs. With that level of agility, security has to be a part of the CI/CD (Continuous Integration Continuous Delivery) pipeline. It can’t be something that is done as a manual process. It has to be ingrained in the DevOps processes.

The current approaches to security are unsustainable, costly, impractical, and not as efficient as they should be.

What can we expect in 2020? How will the cyberthreat landscape evolve? What are the new attacks that we should expect? How should we be preparing?

The problem is going to get worse. The proliferation of ransomware is becoming an increasing problem as well. I think 2020 becomes a transitional year for security. We’ll see organizations start to move towards far more scalable and dynamic architectures and new ways to solve problems.

If you start with network security—today for securing a packet, that packet is passing through a firewall, it is getting inspected, and there are multiple layers; there’s multiple places where that packet is being routed to be inspected, and there could be a policy applied.

We flip that model—now the actual server that’s running the application is scaling out and doing all of that work. So, it looks at the packet one time and it can apply network policy, security policy, firewall policy—all with a single pass of that packet. That’s a far more scalable architecture. The notion of having these physical taps on the network goes away.

Today, if you write the firewall rules, it is independent of the application. In many cases, the application might retire, and the firewall rules might persist—depending how strong the process and automation might be.

So, security becomes an attribute of the application. That’s far more intrinsic than what you had today.

It means that 2020 is the time when enterprise customers start to invest in architectures that support these intrinsic security models.

We don’t assume that enterprises are going to replace their existing fabric. But they can take a few greenfield applications and start to apply these models and train their teams to operate them. We expect to see significant investments in that space in 2020.

We have apps everywhere today and on different clouds. How does one reduce the attack surface, understanding application behavior? The whole security paradigm changes when you move from client-server to the cloud.

We provide a significant amount of context around the application with our AppDefense technology. We can understand how the application accesses the processor and what processes the application spins up or how it is accessed in physical memory. What is the app writing to the file system? What is the app trying to do over the network?

By creating all this context around the application, we can understand how the application is supposed to behave. And in doing so, we can then create a security policy and firewall rule that distinguishes a known state of the application. When I see anomalies or deviations to that known state, I am going to act. This is how you counter a zero-day attack.

By having that end-to-end context of the application, we can start to do far more interesting things from a security perspective.

What trends are you seeing in the adoption of endpoint security solutions?

We’re seeing significant traction in terms of organizations looking for holistic solutions rather than pieces and parts. A good example of that is Workspace ONE. If we went back a few years ago, we saw many of our customers trying to piece these parts together themselves, and we’ve seen a significant trend heading in the other direction over the last 18 months. Organizations can now have access management across all the different services and can connect their end-users from a single console.

How will the acquisition of Carbon Black help VMware become a security leader? And how will you integrate Carbon Black technology into VMware products and platforms?

With Carbon Black coming into the fold, we have formed a new security business unit. We see forces come together—Workspace ONE, Trust Network API sets. We have a number of leading security vendors that have already committed to providing feeds into that platform. We are trying to enforce conditional access policy, and we need to understand all the context right from all of the different security feeds, inclusive of the ones that aren’t related to VMware or Carbon Black.

So, that’s really the key in terms of getting all of these data sources into the platform and then being able to do actionable automation based on the feeds from those sources.

The second part of the strategy, which is really important, is baking this technology into our vSphere hypervisor (ESXi). So, now our security stack is going to be a part of VMware tools that gets installed with every virtual machine. This gives us a way to do true agentless security across our entire portfolio.

From a customer perspective, you are going to have an end-to-end view of security policy. And we have an end-to-end way to enforce the policy—from the application running on the server all the way up to the endpoint.

KICKSTARTER

CYFIRMA BRINGS CYBERTHREAT INTELLIGENCE TO THE FORE

Kumar Ritesh, CEO, CYFIRMA

Mihir Bagwe, Technical Writer, CISO MAG
In the last two decades, the cybersecurity landscape has evolved, but security processes and controls have failed to integrate quality outside-in view of new cyberthreats and risks. Cyberthreat intelligence is an increasingly overused terminology, confusing the industry and blurring the lines between information and quality intelligence. This is where CYFIRMA steps in.

CYFIRMA is a cyberthreat intelligence analytics platform company with a flagship product called DeCYFIR (CAP v2.0). This product is designed using Artificial Intelligence and Machine Learning (AI/ML) to provide real-time insights, threat visibility and situational awareness to prevent business losses. It helps organizations discover and decode unknown cyberthreats and mitigate potential risks. The platform aggregates, correlates and analyzes information from the open and dark web, to effectively identify and process potential threats at the planning stage of a cyberattack. It provides deep insights into the cyberthreat landscape, and amplifies the preparedness of organizations by providing relevant, predictive and prioritized cyberthreat visibility and intelligence.

The predictive capability of the platform gives organizations deep insights that correlate data to form a threat story, providing context to every threat, increasing accuracy of threat alerts and helping clients prioritize resources for cyberattack prevention. It also equips organizations with a multi-layered approach to cybersecurity and helps form strategic, management and tactical viewpoints.

The Three Layers of DeCYFIR are:

Strategic: Optimize resource allocation and risk-management initiatives by understanding the threat landscape.

Management: Integrate insights on threat actors’ campaigns, attack mechanisms and tools into internal processes.

Tactical: Safeguard an organization’s cyber posture by blocking known malware signatures, malicious domains, command and control servers (C2 servers) or indicators of compromise (IoCs).

With comprehensive threat visibility combined with intelligence and actionable insights, CYFIRMA is fast becoming a trusted advisor, partner and digital enabler to leaders who are accelerating transformative growth.

A company to watch

The company’s growth and service offerings depend mainly on the leadership, guidance and mentoring of its C-suite, and CYFIRMA has got the perfect piece to fit in this puzzle. CYFIRMA’s Chairman and CEO, Kumar Ritesh, has over two decades of experience in global cybersecurity leadership and has various certifications including PMP, CISSP, CISM, CISSP-ISSAP, TOGAF 9.1, CIPM, and CIPT, among others, to back his knowledge and skill set. He’s a highly dynamic executive displaying a high grade of technological acumen and business skills, along with a strong track record of developing successful cybersecurity strategies, products, policies, standards, and solutions.

His resume also includes the development of prototypes for data loss prevention, social profile risk assessment, web content assessment management, intelligence-led cyber risk management, and adaptive cyberthreat intelligence tools.

Ritesh always observed that organizations struggled to understand the external threat landscape, as their cyber posture management was highly focused on internal protection, security controls and building firewalls. This was proving ineffective, given that threat actors always kept modifying their approach, methodology and techniques. A productized offering was needed to help organizations consume multi-dimensional intelligence driven by deep technology—thereby making cyber posture management efficient and effective.

CYFIRMA’s clients are exclusively provided with:

• Client-tailored and customized Outside-in/Hacker’s view of the cyberthreat landscape.
• Multi-dimensional strategic, management and tactical cyberthreat visibility and intelligence.
• Threat indicators at the planning stage versus the execution and exploitation phase of a cyberattack.
• Indicator centered threat hunting capabilities, which could be as simple as a conversation or geo-political issue driving the cyberthreats and risks.
• An ability to integrate intelligence and insight into risk management, cyber posture management, and regulatory, compliance, governance, investment and resource management.
• Deeper analytical insights into situational awareness, cyberattacks and events, incidents, vulnerabilities, technology or regulatory shift.

CYFIRMA has a team of highly experienced professionals with a rich expertise in the cybersecurity domain along with AI and ML, among others. We believe CYFIRMA is the company to watch out for in 2020, especially with its core product DeCYFIR, which is being upgraded and launched in March 2020.
SNAPSHOT

Company: CYFIRMA Holdings Pte Ltd

Core solution: CYFIRMA’s proprietary, cloud-based Cyber Intelligence Analytics Platform – DeCYFIR (CAP v2.0)

Website: https://www.cyfirma.com/
https://www.cyfirma.jp/

Social Media Handles:
LinkedIn: linkedin.com/cyfirma/
Facebook: facebook.com/Cyfirma/
Twitter: https://twitter.com/cyfirma

Founder/CEO: Kumar Ritesh

Location(s): Singapore, Japan and India

Employees: 40+

Estimated Annual Revenue: $3 million

Funding:

Seed Funding – Total investment in US$3million, as part of Antuit Group, CYFIRMA was Incubated since 2017
• List of investors: Goldman Sachs, Zodius Capital
• Lead Investor: Goldman Sachs

Series A Funding – Total investment in Series A, US$5 million
• List of investors: Goldman Sachs and Zodius Capital
• Lead Investor: Goldman Sachs

Awards:
• CYFIRMA was selected as “Most valuable brand of 2019” by prestigious journal IndustryWired
• Recognised in Aspioneer’s “10 Most Trusted Cybersecurity Solution Providers, 2019”
• Selected in the list of “Top 25 cybersecurity companies – 2019” by CIO Applications
• CYFIRMA is Featured in ICE71’s latest Singapore Cybersecurity Startup Map
• Acclaimed as one of the “Top 10 Artificial Intelligence driven solution provider 2019” by Enterprise Security amongst 230 competitors
• Listed in the prestigious Cyber Startup Observatory – US CyberSlide, APAC CyberSlide, Singapore CyberSlide and Japan CyberSlide
• Named in APAC Business Headlines Magazine’s “10 Sought After Risk Management Solution Providers in 2019”

Industry-wise Services:
• Defense & Security
• Manufacturing
• Health care
• Travel & Hospitality
• Retail

PRODUCT AND SERVICE OFFERINGS

CYFIRMA’s proprietary and award-winning cloud-based Cyber Intelligence Analytics Platform (CAP 2.0) – DeCYFIR, essentially provides the following:
• Broad range of cyber intelligence use cases
• Real-time multi-layered intelligence
• Early threat visibility
• Holistic cyber situational insights
• Cyber trending and current landscape
• Deeper analysis and research
• An illustrative dashboard

The following core DeCYFIR (CAP v2.0) modules drive the consumption of CYFIRMA’s insights and intelligence:

Threat Visibility & Intelligence: Provides comprehensive multi-dimensional strategic, management and tactical intelligence and insight into latest cyberthreats applicable to an organization, industry, and geography.

Cyber Awareness: Provides real-time cyber insights, trends, latest cyber news, technology, and regulatory changes, emerging cyber-attacks, vulnerabilities and exploits.

Cyber Incident Analytics: Enables analysis of malicious files and automatic correlation with threat landscape to present affiliations to any threat actors, campaigns and indicators.

Besides these, CYFIRMA’s service offerings also include:
• Daily Cyberthreat Intelligence reports
• Weekly Security Updates
• Cyber Education
• Vulnerability Analytics
• Brand/Individual Cyber Risk Monitoring and Cyber Risk Scoring
March 2020: DeCYFIR Launch
Jan 2020: Management Team established
Oct 2019: Spin-off from Antuit to become an independent entity. Goldman Sachs and Zodius Capital enter as key investors
Mid 2019: Launched CAP v2.0. Rapid client adoption including global Japanese MNCs
Early 2019: Began development of second enhanced version of Cyber Threat Intelligence Analytic Platform (CAP v2.0)
March 2018: Developed and launched first Prototype of Cyber Threat Intelligence Platform. Onboarded top 5 Japanese global companies
January 2017: Established as a part of R&D arm of Antuit, one of the world’s leading data and analytics companies
REWIND << JANUARY

Biggest data breach of the month

250MN CUSTOMER RECORDS EXPOSED DUE TO MISCONFIGURATION: MICROSOFT

Microsoft admitted to a security blunder of misconfiguring a customer service and support database that exposed 14 years of customer service and support data dating back to 2005. The exposed database was accessible to anyone with a web browser, requiring no authentication at all.

As per Microsoft’s blog, on December 5, 2019, a change was made to the said database’s network security group. It was later found that appropriate measures were not taken to verify the Azure security rules and this misconfiguration further led to the data exposure. The exposure was discovered by a security research team at Comparitech led by Bob Diachenko. He uncovered a total of five Elastic Servers containing 250 million records including logs of communication between Microsoft’s support engineers and its customers.

Diachenko discovered these databases on December 29, 2019 and, understanding the critical nature of the security hole, quickly reported it to Microsoft. Considering the Holiday Season, he wasn’t sure if the vulnerability could be plugged immediately, but Microsoft secured all the servers and corresponding data by New Year’s Eve.

Diachenko’s research says that personally identifiable information (PII) of clients was in most cases obscured, but some of these records contained plain text data, such as:

• Customer email address
• IP address
• Location
• Descriptions of Customer Service and Support query
• Attending Microsoft support agent email
• Case number, resolution given, remarks entered
• Internal notes marked as confidential

Microsoft said, “We want to sincerely apologize and reassure our customers that we are taking it (database misconfiguration) seriously and working diligently to learn and take action to prevent any future reoccurrence. We also want to thank the researcher, Bob Diachenko, for working closely with us so that we were able to quickly fix this misconfiguration, investigate the situation, and begin notifying customers as appropriate.”
Mergers & acquisitions

FIREEYE ACQUIRES CLOUD SECURITY STARTUP CLOUDVISORY

Cybersecurity firm FireEye acquired cloud security startup Cloudvisory to advance its cloud-hosted security operations. FireEye caters to enterprises and helps businesses thwart cyberattacks. With the addition of Cloudvisory, FireEye will provide customers a single operations platform to monitor multi-cloud environments, hybrid-cloud firewalls, and integrate container security.

Commenting on the acquisition, Grady Summers, Executive Vice President of Products and Customer Success at FireEye, said, “Customers need consistent visibility across their public and hybrid cloud environments, as well as containerized workloads. Cloudvisory delivers this visibility and allows FireEye to apply controls and best practices based on our frontline knowledge of how attackers operate. Security is top of mind for almost all organizations as they migrate critical workloads to the cloud.”

VMWARE COMPLETES ACQUISITION OF PIVOTAL FOR US$2.7 BILLION

VMware, a provider of enterprise software, completed the acquisition of cloud-native platform provider Pivotal Software in a deal worth US$2.7 billion. The latest acquisition integrates Pivotal’s developer-centric offerings with VMware’s upstream Kubernetes run-time infrastructure tools to deliver comprehensive enterprise security solutions. The acquisition also offers product building blocks and integrated solutions that are tested and proven with technical expertise that customers need to accelerate software delivery across data center, cloud, and edge environments.

“It’s my pleasure to announce Ray O’Farrell as the leader of VMware’s new Modern Applications Platform business unit—uniting the Pivotal and VMware Cloud Native Applications teams,” said Pat Gelsinger, CEO, VMware.

Commenting on the acquisition deal, Edward Hieatt, Senior Vice President at Pivotal, said, “Pivotal has fundamentally changed how the world’s biggest brands build and manage software with a focus on developer productivity through platform abstractions and development techniques as well as connecting the business with the developer.”
In focus

U.K. INVESTS IN REVOLUTIONARY ARTIFICIAL INTELLIGENCE WARSHIPS

With an aim to help warship crews make quick decisions and process data efficiently, the U.K.’s Ministry of Defense announced contracts to use AI-based (artificial intelligence) technology in warships.

According to a source, Defense and Security Accelerator (DASA) will be funding £1 million (around US$1.3 million) for AI contracts as part of its “Intelligent Ship – The Next Generation” competition, which is aimed at using innovative approaches for Human-AI and AI-AI teaming for various defense platforms like warships, aircraft, and land vehicles.

James Heappey, U.K.’s Defense Minister, said, “The funding will research pioneering projects into how AI and automation can support our armed forces in their essential day-to-day work.”

DASA’s warship competition, in alliance with the Defense Science and Technology Laboratory (Dstl), is intended to enhance the designs of future defense platforms by using advances in automation, autonomy, machine learning, and AI.

Julia Tagg, technical lead from Dstl, said, “This DASA competition has the potential to lead the transformation of our defense platforms, leading to a sea change in the relationships between AI and human teams. This will ensure U.K. defense remains an effective, capable force for good in a rapidly changing technological landscape.”

“Crews are already facing information overload with thousands of sources of data, intelligence, and information. By harnessing automation, autonomy, machine learning and artificial intelligence with the real-life skill and experience of our men and women, we can revolutionize the way future fleets are put together and operate to keep the U.K. safe,” Tagg added.
In focus

BETTING COMPANIES ACCESS EDUCATION DATA OF 28MN CHILDREN IN THE U.K.

The U.K. government is facing criticism for allowing betting firms to access the Department for Education (DfE) database, called the Learning Record Service, which contained personal data of 28 million children. The database stores information on students aged 14 years and above, from schools and colleges in England, Wales and Northern Ireland for academics and education purposes. The exposed information included names, ages, addresses, and personal details.

According to a report published by the Sunday Times, Trustopia, a third-party training provider, apparently violated an agreement with the government and gave the database access to data intelligence company GB Group. It’s said that GB Group and its clients, gambling firms Betfair and 32Red, apparently accessed the data for age and ID verification on their websites.

It’s believed that Betfair and 32Red used this information to increase the ratio of youngsters who gamble online. However, Trustopia denied giving database access to GB Group. The DfE and GB Group have notified the incident to the U.K.’s privacy protection body, Information Commissioner’s Office.

Many industry experts criticized DfE’s diligence practice and asked for an investigation.

AFTER TOKYO OLYMPICS, NOW THE SPECIAL OLYMPICS FACES PHISHING MENACE

Special Olympics New York, a non-profit organization that helps provide coaching to competitive sportspersons with intellectual disabilities, reportedly faced a breach of its email server. Hackers leveraged the opportunity to launch an email phishing campaign targeting the registered donors list of the non-profit organization.

Founded in 1970, Special Olympics New York has close to 67,000 registered athletes and around 3,000 coaches. They provide coaching and conduct athletic competitions based on Olympics sports for children and adults having an intellectual disability.

Leveraging the Christmas Holidays, hackers gained access to the email server of the organization and used it to launch an email phishing campaign.

“Apologies friends and fans! As you may have guessed, our account was hacked today. Please disregard a message that you may have received about a payment processing. While donating to us is always a good idea, we would never ask in such a grinchy way,” stated an email from Special Olympics New York to its donors. “The hack was to our communication system which only includes your contact information and no financial data. Please be assured that your contact information is protected and has been kept confidential.”

Casey Vattimo, the SVP of External Relations for Special Olympics New York, said that the issue has been fixed and donors can now continue donating securely without any apprehensions.
In the hotseat

MCAFEE APPOINTS PETER LEAV AS NEW CEO

The device-to-cloud cybersecurity firm, McAfee, appointed Peter Leav as the new Chief Executive Officer, effective February 3, 2020.

Leav previously served as President and CEO of BMC Software. He holds more than 20 years of executive leadership experience in large-scale technology companies like NCR Corporation, Symbol Technologies, Cisco Systems, Proofpoint, and Motorola.

Commenting on his new role Leav said, “By maintaining the forward-thinking, customer-centric approach that has come to define McAfee, I am confident that we will continue to play a very meaningful role in protecting individuals, businesses and communities from the rapidly changing cyber threat landscape.”

PAM MURPHY IS IMPERVA’S NEW CEO

Cybersecurity firm Imperva announced the appointment of Pam Murphy as the new CEO, effective immediately. Interim CEO Charles Goodman will continue as Chairman of the board.

Previously, Pam Murphy served as COO of enterprise software company Infor. Prior to Infor, Murphy served multiple leadership positions at Oracle Corp. and Andersen Consulting. Her background includes experience in field sales, professional services operations, and deep operational experience in running global organizations. Murphy also held a variety of roles onments.

“As an accomplished executive who has led operations for some of the world’s largest software companies and demonstrated ability to deliver customer value on a massive scale, she is perfectly positioned to lead Imperva through our next phase of growth,” said Goodman.

Commenting on her new role, Murphy said, “Our relentless focus on our customers and their needs will always come first as we seize the many opportunities that lie ahead and significantly grow the business both domestically and internationally.”
Fines

BRAZIL FINES FACEBOOK US$1.6MN OVER CAMBRIDGE ANALYTICA SCANDAL

Brazil’s court fined Facebook for the misuse of personal data belonging to nearly half a million Brazilians during political campaigns. According to reports, a fine of 6.6 million Reais (US$1.6 million) was issued by the Ministry of Justice and Public Security of Brazil for the data misuse scandal by Facebook and consultancy firm Cambridge Analytica. It’s said that the social networking giant collected private data of around 87 million Facebook users via a personality quiz app—This Is Your Digital Life.

A statement issued by the Ministry stated that Facebook used Brazilian users’ data for purposes that were “at the very least, questionable” and Facebook is unable to reveal the number of users affected in the data breach.

The imposed fine is larger than the penalty £500,000 (US$656,000) issued by the U.K. government earlier this year, which is also a verdict from the investigation around the Cambridge Analytica scandal.

EQUIFAX TO PAY US$380.5MN TO SETTLE CLASS-ACTION LAWSUIT

Atlanta-based consumer credit reporting agency Equifax has agreed to pay US$380.5 million to settle a class-action lawsuit, brought forward by the U.S. Federal Trade Commission (FTC), relating to a 2017 data breach that leaked a massive amount of information of more than 147 million people in the U.S. alone.

As per the settlement, Equifax will pay US$380.5 million as a penalty from where the class-action members can withdraw up to US$20,000 as compensation. Additionally, the company may also require spending US$125 million for out-of-pocket claims. Class-action members will also receive 10 years of free credit monitoring services from Equifax.

The Northern District Court of Georgia granted the settlement after consulting with the U.S. FTC, State Attorneys, and members of the class-action suit.

In September 2017, Equifax disclosed that its databases were hacked between May and June 2017, and attackers gained access to the company’s data that compromised sensitive information for 147 million American consumers, including Social Security numbers, credit card numbers, and driver’s license numbers.

Equifax discovered the breach on July 29, 2017 but waited until after the close of trading nearly six weeks later to disclose the breach to its consumers and investors, after hackers exfiltrated the data for 76 days.
PRODUCT OF THE MONTH

SEQURETEK - EDPR

Organizations are increasingly introducing policies such as BYOD (bring your own device) and cloud-based work suites (e.g. G-suite, Microsoft’s Office 360, etc.) for their employees to make data access easy, flexible and more fluid. These policies in turn add to the threats targeting mobile device access and networks, and create multiple endpoint vulnerabilities. Additionally, those employees working from home or connected to public Wi-Fi networks for work on-the-go further expose the company’s endpoint resources and make the organization’s network security perimeter more porous than ever.

Previously, most security breaches were targeted at the organization’s network architecture. Today, however, the number of threats coming through endpoints have seen a steady increase, which means centralized network protection is not enough and requires backing of endpoint protection solution like SEQURETEK’s EDPR (Endpoint Detection, Protection, Response).

SEQURETEK’s EDPR is a comprehensive, centrally managed cross-platform technology that detects threats, protects organizations against these advanced threats and provides an end-to-end response mechanism.

If this is not enough to convince you as to why this is a hot product to look out for, then wait, we’ve got more to convince you otherwise. SEQURETEK’s EDPR has been certified by ICSA Labs, USA, under its Advanced Threat Detection (ATD) Certification Testing Criteria. Yes, that’s right.

SEQURETEK had commissioned ICSA Labs, an independent division of Verizon, to conduct benchmarking tests on EDPR in the Q3 of 2019. To determine the detection capabilities, EDPR underwent a total of 1,235 tests composed of recently discovered threats that were left undetected by traditional security products. The EDPR not only managed to indicate the existence of a malicious threat, but also logged threats that were distinguishable from regular traffic and events.

Test Overview
Total tests run: 1,235
Detection Accuracy: 99.24%
False Positives: 52

Recently, SEQURETEK has gone a step ahead and conducted a round two of these tests in Q4 of 2019, and have bettered their almost perfect scores in pursuit of attaining higher accuracy and precision.

Test Overview
Total tests run: 1,384
Total Malicious Samples: 808
Total Malicious Samples Detected by EDPR: 802
Detection Accuracy: 99.33%

The 2019 Cost of a Data Breach study, from Ponemon, highlights:

US$3.92 Million: Average cost of a data breach
25,575 Records: Average size of a data breach
US$150: Average cost per lost or stolen record
279 Days: Average time to identify and contain a breach

Salient Features

EDR: Provides superior detection and response capabilities using advance signature and heuristic based techniques with AI and ML analysis.

Patch Management: Proactively identifies vulnerable endpoints and automates the patching process to secure them.

Device Control: Implies role-based access control (RBAC) and restricts access of network storage and media devices.

Vulnerability Management: Offers self-updates for latest software vulnerabilities, risk-based assets prioritization, and compliance and reporting.

Data Leakage Prevention: Inspects content using predefined dictionaries and pattern recognition to identify sensitive data.

Application Whitelisting: Preemptively blocks unauthorized applications and permits access of only whitelisted applications.