Africa – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

CyberKnight Appoints Regional Sales Director for CEWA
https://securityreviewmag.com/?p=27484
Wed, 27 Nov 2024 11:30:56 +0000

CyberKnight has announced its strategic expansion into the Central, East, and West Africa (CEWA) region, reflecting its commitment to extending cybersecurity expertise and building resilient ecosystems across emerging markets. As part of this regional growth, CyberKnight has appointed Yaadhna Singh Gounden as the Regional Sales Director, CEWA & IOI (Indian Ocean Islands), to support enterprises and government organizations across CEWA to embrace the Zero Trust Security model, helping to safeguard critical assets and meet complex compliance mandates.

With over 17 years of extensive experience in cybersecurity and IT Distribution, Yaadhna brings a wealth of expertise in managing customer and partner relationships and driving business development across the African region. With the CEWA expansion, CyberKnight continues its focus on capacity building, offering advanced cybersecurity technologies and expertise that empower enterprises to tackle evolving threats. The company will leverage its extensive portfolio of Zero Trust solutions, combined with Yaadhna’s leadership, to deliver actionable strategies that enhance regional cyber defences.

“CEWA expansion with the regional key hire marks an important milestone for CyberKnight. This market is witnessing rapid digital adoption and an increasing focus on cybersecurity resilience. CyberKnight’s expansion seeks to address the rising need for advanced solutions and expertise to help enterprises and governments in the region secure their digital ecosystems. Our goal is to bring effective and pragmatic cybersecurity strategies along with Zero Trust Security framework while addressing region-specific challenges,” commented Avinash Advani, Founder and CEO at CyberKnight.

“Joining CyberKnight during such a pivotal time is an exciting opportunity. The challenges in CEWA’s cybersecurity landscape demand tailored approaches. My focus will be on fostering trust, strengthening partnerships, and ensuring that our solutions not only protect but enable businesses to thrive in an increasingly digital world. I look forward to collaborating with our customers and partners while helping CyberKnight deliver on its mission to expand Zero Trust Security across emerging markets,” commented Yaadhna Singh Gounden, Regional Sales Director, CEWA & IOI.

Cybersecurity Collaboration Holds Immense Significance in Today’s Threat Landscape
https://securityreviewmag.com/?p=25981
Mon, 25 Sep 2023 13:42:52 +0000

Ertug Ayik, the VP and MD of Middle East and Africa at HP, speaks about the security threat landscape in the region and what companies can do to keep these threats at bay.

Tell us about the security threat landscape in the region. How has it evolved over the years?
The security threat landscape in our region, like many others, has evolved significantly over the years. We have witnessed a shift from primarily isolated attacks to a complex and interconnected threat landscape. Threat actors are becoming more sophisticated, and attacks are increasingly targeted and financially motivated.

Emerging technologies, such as IoT and cloud computing, have introduced new attack vectors. The shift to the cloud has also made cybercrime easier, cheaper, and more profitable. Traditional security measures have focused on detecting malware to prevent attackers from gaining access to critical systems. Over the last year, we have seen signs of increased development and trading capabilities – from tools to hack BIOS passwords, to rootkits and trojans targeting device firmware.

Organizations must adapt to this dynamic environment by implementing proactive security measures and staying informed about evolving threats. Increased resiliency, meaning the ability to respond to hackers who have managed to exploit a vulnerability, is key.

What sort of role does the security community play in countering cyber threats?
The security community plays a crucial role in countering cyber threats. It serves as a collective defence mechanism against the ever-evolving threat landscape. Security professionals, researchers, organizations, and governments collaborate to share threat intelligence, insights, and best practices. This collaboration fosters a deeper understanding of emerging threats, enables rapid response to incidents, and enhances detection and mitigation capabilities.

Additionally, the security community contributes to raising awareness about cybersecurity and promoting proactive defence strategies. HP Sure Click, one of our key security solutions, not only protects users from various cyberattacks but also contributes to this collaborative ecosystem. Its containment-based approach enables us to capture and analyse malware execution traces, providing valuable insights to the security community. Collaboration with industry experts and leveraging threat intelligence providers empower us at HP to better identify and evaluate emerging threats before they pose significant risks.

Tell us about HP’s HP Sure Click. How does it help in keeping security threats at bay?
HP Sure Click is a groundbreaking security solution that plays a pivotal role in safeguarding against security threats. It leverages cutting-edge micro-virtual machine technology to create secure environments for handling untrusted content. By isolating potentially malicious activities within these secure micro-VMs, HP Sure Click prevents threats from spreading to other parts of a network.

HP Sure Click goes beyond safeguarding web browsers; it extends its protection to cover documents like PDFs and Microsoft Office files. This approach ensures that even if a file is compromised, the malware within it remains contained and cannot infect the user’s device. HP Sure Click also quantifies risks by recording how users encounter threats, whether through email attachments, browser downloads or clicking on links.

These insights reduce known risks and may even uncover previously unknown risky user behaviours that can be addressed at an organizational level. HP Sure Click automatically maps attack attempts to MITRE ATT&CK, an industry knowledge base that enables organizations to understand the techniques that attackers are using against their organizations and prioritize their defences based on the threats they face.

By employing HP Sure Click, organizations can proactively defend against malware attacks, enhance their cybersecurity posture, and maintain a secure computing environment.

What are the significance and benefits of cybersecurity collaboration in terms of public reporting, sharing analysis tools, and collaborating within trust groups to enhance collective knowledge and response capabilities?
Cybersecurity collaboration holds immense significance in today’s threat landscape. We all have different vantage points of the threat landscape, so by engaging in collaborative efforts such as public reporting, sharing analysis tools, and participating in trust groups, the security community amplifies its collective knowledge and response capabilities. This approach helps in several ways.

Firstly, public reporting of cyber threats raises awareness and allows organizations to tackle emerging threats proactively. Secondly, the sharing of analysis tools accelerates the identification and response to cyberattacks, enabling faster mitigation. Thirdly, trust groups foster a sense of shared responsibility, trust, and mutual support within the security community. Collaboration within these groups promotes a more coordinated and effective response to threats.

HP recognises the importance of such collaboration and actively contributes to the security community by sharing insights and analysis through research and publications.

What are the challenges of cybersecurity collaboration, and can these be overcome?
In the realm of cybersecurity collaboration, we encounter a multitude of challenges that demand careful consideration. The foremost among these challenges is the reluctance to share sensitive information due to concerns about data privacy and security. However, to effectively counteract evolving threats, it is important that organizations overcome this hurdle by anonymizing data and following robust security protocols for information exchange. Organisations can consider participating in collaboration platforms that ensure confidentiality while also implementing clear legal and governance frameworks designed to protect shared information.

Building trust requires establishing strong relationships among all parties. Another formidable challenge lies in the allocation of resources required for seamless collaboration. Coordinating efforts across diverse entities can be resource-intensive, necessitating efficient resource pooling and allocation. To surmount these challenges, industry groups can play a pivotal role in facilitating collaboration and distributing resources effectively. Moreover, the establishment of standardized legal agreements can provide a solid foundation for secure information sharing.

Ultimately, the cornerstone of successful cybersecurity collaboration rests on trust. Fostering trust among collaborators is an ongoing process that hinges on transparent communication, the diligent protection of shared data, and a unified commitment to bolstering collective security efforts. By addressing these challenges head-on, we can collectively fortify our defences against the relentless evolution of cyber threats.

CyberKnight Partners with NightDragon to Bring New Cybersecurity Innovations to the META Region
https://securityreviewmag.com/?p=25963
Tue, 19 Sep 2023 11:26:13 +0000

NightDragon, a dedicated cybersecurity, safety, security and privacy (CSSP) investment and advisory firm, today announced a new strategic partnership with CyberKnight Technologies, the Middle East’s fastest-growing cybersecurity Value-Added Distributor (VAD) focusing on zero trust security, to continue the international expansion capabilities of its portfolio companies and bring the latest CSSP innovations to customers in the Middle East, Turkey, Africa (META) and other regions.

CyberKnight has rapidly grown into the largest pure-play cybersecurity VAD in the Middle East in just under four years. Through its strategic partner channel, it helps more than 500 enterprise and government customers implement leading solutions to simplify breach detection, prevention, and incident response, as well as implement regulatory compliance, zero trust practices, critical infrastructure protection, artificial intelligence (AI), threat intelligence, and more.

Through this partnership, NightDragon’s portfolio will get access to CyberKnight’s many customers in the region across banking, finance, telco, energy, government, and other sectors. Additionally, they will get access to more than 80 strategic partners and more than 400 channel partners across the region to further expand go-to-market capabilities internationally and deliver the latest innovations for mitigating risk from rising cyber threats around the world.

“NightDragon continues to align ourselves with leading partners around the world, such as CyberKnight, who can help drive new growth and go-to-market opportunities for our portfolio and bring their innovative CSSP solutions to customers that need them in the Middle East and around the world,” said Dave DeWalt, Founder and CEO, NightDragon. “We look forward to partnering closely with the CyberKnight team to advance a shared mission to secure our world for tomorrow and increase public-private partnerships globally.”

NightDragon companies will receive elevated levels of technical, sales, and business development support to ensure the successful roll-out of programs between the two organizations, including certifications and training for CyberKnight and channel partners as well as comprehensive pre- and post-sales services. CyberKnight will additionally support NightDragon portfolio companies to build robust global partner ecosystems through program consulting and access to its extensive reseller base of partners in the region. Finally, the companies will benefit from joint marketing activities and other efforts that will drive higher awareness, pipeline generation, and increased market penetration in the region.

Meanwhile, CyberKnight will benefit from privileged access to NightDragon companies to ensure increased access to their innovative technologies. Additionally, the partnership builds on an existing partnership with Macnica, a $10 billion global value-added distributor and solution provider, who is also a pre-existing NightDragon Master Service Agreement (MSA) partner and who recently announced its intent to acquire CyberKnight, as well as a shared commitment to increasing diversity and cyber talent efforts on a global scale.

“CyberKnight has a strong reputation for providing the most advanced, bleeding-edge technologies and cybersecurity solutions to our customers. We look forward to working closely with NightDragon and its portfolio companies as an innovation gateway to some of the latest technologies ready to break from the U.S. or other markets into the Middle East, Turkey and Africa and together have a profound effect on reducing cyber risk in the region and around the world,” said Avinash Advani, CEO and Founder, CyberKnight.

CyberKnight is the latest partnership added to the roster of Master Service Agreements as part of NightDragon’s NightScale platform, which provides a platform for growth to accelerate the go-to-market, talent, government services and marketing efforts of NightDragon portfolio companies. It is complementary to other preexisting NightDragon partnerships, including the recently announced Jones Group partnership, which provides strategic advisory in the Gulf Cooperation Council (GCC) region.

“Immuta is proud to work with a leading venture firm like NightDragon, which continues to forge innovative partnerships with prominent VADs and go-to-market organizations like CyberKnight that can help us bring our market-leading data access and security solutions to customers that need them into critical regions like the Middle East, Turkey and Africa,” said Scott Fuselier, Chief Revenue Officer at Immuta, a NightDragon portfolio company.

Privacy and Security: Are They Mutually Exclusive?
https://securityreviewmag.com/?p=25173
Wed, 04 Jan 2023 11:26:13 +0000

Written by Ephrem Tesfai, Engineering Manager, Middle East, and Africa at Genetec

In our modern connected world, it’s unsurprising that privacy concerns, particularly those related to personal data, are on the rise. It is crucial to question who has access to what data and for what purpose.

Earlier this year, the UAE launched its Federal Personal Data Protection (PDP) Law providing a legal framework to ensure the security and privacy of personal information. To date, 71% of countries around the world have enacted similar forms of legislation to ensure data and privacy protection. These regulations aim to restrict and monitor the collection, processing, and access to personal data, including video footage, in order to maintain privacy and mitigate the risks of criminal cyber activities.

Simultaneously, acquiring digital information is critical for protecting people and property. Governments and private businesses often collect data from individuals frequenting their facilities. This data can include personally identifiable information (PII), such as surveillance footage, photos, access control data, and license plate information. However, does this imply that we must forego our privacy for the sake of physical security?

What is personally identifiable information?
Security professionals frequently wrestle with questions about where to draw the line when it comes to personally identifiable information (PII). For example, when is surveillance footage of public spaces considered personally identifiable information?

The answers to these questions are not always straightforward as legislation surrounding PII varies from place to place. Although video surveillance isn’t necessarily a problem, capturing a specific image of a person can be. If the video resolution is low enough to make it impossible to clearly identify an individual, it would not be considered PII. However, with the quality of video surveillance technology improving every day, it is more crucial than ever for security professionals to remain well-versed in their local legislation around PII.

New regulations and restrictions regarding PII and data privacy are introduced regularly. Therefore, it can be challenging for private citizens and small businesses to stay up to date with these reforms, especially when legislation is not communicated in a clear and accessible manner. Vendors and integrators can help educate end users on these guidelines and promote awareness of best practices. Those capturing or accessing video or access control information containing PII must be mindful of who has access to the data as well as local privacy regulations and restrictions.

You don’t need to compromise on privacy to ensure security
Balancing security and privacy isn’t a zero-sum game. In fact, a majority of organizations today are going beyond regulatory requirements concerning privacy to ensure not only that personal data is protected but also that those who have access to it are accountable.

Although most privacy regulations establish a minimum requirement for the storage and management of personal data, businesses can do more than the minimum. Modern video management software (VMS), access control systems, and automatic license plate recognition systems (ALPR) enable the restriction of data to authorized personnel only.

VMS platforms with privacy protection capabilities can pixelate individuals in videos to conceal their identity and provide audit trails to document who accessed data and when. They have improved the cybersecurity and accountability of their systems to ensure data protection. On the other hand, modern ALPR systems can render license plate data untraceable by private businesses, and seal vehicle owners’ names, addresses, and other identifying data, making them accessible to only local, state, and federal registration and law enforcement databases.

Regulations typically focus on how end users operate the system, whether their data is stored securely and if they have a clear process to access sensitive data. Yet, protecting personal information is a shared responsibility.

End users can research the privacy policy and capabilities of their vendors, while software vendors can incorporate tools such as encryption, authentication, security, and facial blurring that enable end users to protect the data. Similarly, systems integrators can effectively configure systems and educate end users on how to use them in a manner that respects privacy, and end users’ operators can be trained on internal processes to guarantee that the data is secure and cannot be accessed without valid authorization.

Mindful data collection leads to better decisions
Security systems are more prominent and sophisticated than ever before, and analytics have advanced significantly. More companies and individuals are adding or upgrading cameras now that it is less expensive and easier to gather and interpret video footage, ALPR, and access control data.

Yet, acquiring more data does not always result in better decisions, and can lead to information overload. Therefore, it is crucial to employ technologies to filter the data, ensuring that only the most relevant information is highlighted, while the security of the other data is effectively maintained.

One method to do this is to minimize the quantity of data that is stored, keeping only what is necessary to your objectives, while another way is to ensure only those who require the information, and can provide the correct authorization, have access to sensitive data. Modern ALPR systems, for example, often retain simply the ‘read value’ of a license plate rather than the image of the plate itself and may offer the option to retain information only if the plate matches a hotlist.

Another alternative is to implement the “four eyes principle,” which ensures that personal data is only seen by authorized personnel, by requiring two people to provide credentials to access particular types of data. Faces on video recordings, for instance, can be pixelated by default. If an operator observes an event taking place, they can request a supervisor to unlock the video. For very sensitive data, some companies require two supervisors to authorize a request to access data.

Trust is essential
Privacy is directly connected to trust. Stakeholders must be able to trust that data is stored securely and that the technology and systems being used are functioning optimally. Improperly installed or inadequately secured cameras and door controllers that are part of the network can expose private data to hackers. Therefore, it is critical to evaluate the types of data a system is acquiring, the quality of that data, and the effectiveness of the checks and balances in place.

Transparency is fundamental. Context is everything when it comes to data and privacy protection. For example, people may consent to share their location while using certain apps on their phone but would not want those apps to continue tracking and sharing their location indefinitely.

Access to personally identifiable information recorded by surveillance cameras, license plate readers, and access control systems must be warranted in the same way. In certain situations, authorizing access to sensitive data is necessary, and this does not violate privacy ethics if the people affected are informed about what data is accessed, when, and why.

How to develop ethical privacy standards without compromising security
There are several ways organizations can develop ethical privacy standards without jeopardizing security:

  • Organizations should be selective about the data they collect and critically evaluate the information required to accomplish their purpose. For instance, when collecting data on visitors, is it truly necessary to obtain their full home address, or will simply verifying their ID suffice?
  • Organizations can create an internal privacy policy that specifies the sort of data gathered, where it is stored, and who has access to it and appoint a data protection officer to oversee and maintain it.
  • Organizations should also employ security software vendors who have been certified for privacy protection. A privacy certification involves a thorough check of the source code to ensure data cannot be accessed without authorization. This applies not only to the product but also to the infrastructure that surrounds it, including any linked websites that hold user data.

In summary, organizations should primarily work with vendors who develop tools that include privacy protection from the outset. To alleviate concerns about system vulnerabilities, organizations can select and deploy solutions that have undergone rigorous testing by manufacturers against cyber threats. These solutions allow organizations to have complete control over their data, enabling protection protocols to be adjusted based on evolving regulations.

Moreover, this also allows organizations to configure the system and define the individuals or parties that are authorized to access sensitive data without slowing down response times or investigations. When these measures are in place, it is a team effort to ensure that security with strong privacy protection is achieved.

FortiGuard Labs Contributes to INTERPOL Multinational Cybercrime Suppression Operation in Africa
https://securityreviewmag.com/?p=25088
Tue, 06 Dec 2022 06:58:33 +0000

Sharing threat intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry.

Recently, FortiGuard Labs provided evidentiary support to INTERPOL and African Member countries as part of the Africa Cyber Surge Operation (ACSO) to help detect, investigate, and disrupt cybercrime through coordinated law enforcement activities, utilizing INTERPOL platforms, tools, and channels in close cooperation with AFRIPOL.

The ACSO is a multinational cybercrime suppression operation focused on identifying cybercriminals and compromised infrastructure in the African region. The INTERPOL Cybercrime Directorate and INTERPOL Support Program for the African Union (ISPA) collaborated with AFRIPOL and 27 INTERPOL member countries to leverage this intelligence and combat the growing threat of cybercrime across the continent.

The successful Cyber Surge operation and transfer of knowledge to multiple law enforcement agencies in the African region is the result of continued threat information sharing and trusted cooperation between INTERPOL, FortiGuard Labs, and other INTERPOL private partners.

FortiGuard Labs provided actionable threat intelligence over a six-month period, which consisted of botnet, command and control (C2), and malware infrastructure research, including C2 and malware and botnet victims located within the African continent.

“The Africa Cyber Surge Operation, launched in July 2022, has brought together law enforcement officials from 27 countries, working together for almost four months on actionable intelligence provided by INTERPOL private partners,” Craig Jones, Director of the Cybercrime Directorate with INTERPOL comments. “This intelligence focused on opportunities to prevent, detect, investigate and disrupt cybercrime through coordinated LE activities utilizing INTERPOL platforms, tools, and channels. This operation focused both on cybercriminals and compromised network infrastructure in Africa, allowing member countries to identify more than 1,000 malicious IP addresses, dark web markets, and individual threat actors, enhancing cooperation between INTERPOL, AFRIPOL, and the member countries, and contributing to connecting policing for a safer world.”

“The Africa Cyber Surge Operation is a shining example of how shared threat intelligence on threat actors and joint operations across trusted partners can increase the cyber resilience of an entire region,” highlights Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs. “It also shows how valuable cybersecurity training and education is to help close the cyber skills gap and effectively disrupt cybercrime at scale. We will continue to work with our private and public sector partners such as INTERPOL around the world to help make our digital world a safer place.”

For more than a decade, FortiGuard Labs has helped inform and protect customers, partners, and governments around the world. As a leader in the threat intelligence community, its mission is to provide the best threat intelligence designed to protect customers from malicious activity and sophisticated cyberattacks. The team is composed of some of the most knowledgeable threat hunters, researchers, analysts, engineers, and data scientists in the industry, working in dedicated threat research labs all around the world.

Fortinet has been an active member of the Global Cybercrime Expert Group and trusted partner to INTERPOL dating back to 2015 and became an INTERPOL Gateway partner in 2018. This ongoing collaboration has resulted in greater threat intelligence standards and protocols across the industry as well as impactful global cybercriminal takedowns.

In addition to INTERPOL, FortiGuard Labs is committed to partnership and cooperation with global law enforcement, government organizations, and industry organizations. Some of the global partnerships include being a founding member and regular contributor of the World Economic Forum’s (WEF) Centre for Cybersecurity as part of its Partnership Against Cybercrime (PAC), serving as a long-standing member of the NATO Industry Cyber Partnership (NICP), contributing to the development of STIX/TAXII protocols with MITRE & OASIS, being an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center), co-founding the Cyber Threat Alliance (CTA), working in partnership with the computer incident response organization FIRST, and more.

Preparing a Secure Cloud Environment in the Digital New Norm
https://securityreviewmag.com/?p=24614
Wed, 10 Aug 2022 12:59:52 +0000

Written by Daniel Jiang, General Manager of the Middle East and Africa, Alibaba Cloud Intelligence

As hybrid or remote working is being adopted by many companies globally and becoming the ‘new norm’ for millions of workers, cyberattacks meanwhile continue unabated. Building a secure and reliable IT environment has therefore become an increasingly important priority for many businesses who are exploring opportunities in the global digital economy. While moving to the cloud and using cloud-based security features is a good way to challenge cyber risks, it’s important to delve deeper into how best to construct a secure and reliable cloud environment that can fend off even the most determined attacker.

In today’s digital environment, discussions about cyber security’s best practices have never been more important. The UAE in particular established the Cybersecurity Council to develop a cybersecurity strategy and build a secure cyber infrastructure by creating related regulations. Following this move, the nation ranked 5th place on the International Telecommunications Union’s Global Cybersecurity Index 2020, jumping 33 places and it continues to prioritize cyber security and awareness. Creating a secure cloud environment – from building the architecture to adopting cutting-edge security technologies and putting in place important security management practices – will inspire more thorough conversations on this subject.

A resilient and robust security architecture is essential for creating a cloud environment capable of assuring an organisation about the availability, confidentiality and integrity of its systems and data. From the bottom up, the architecture should include security modules of different layers, so that companies can build trustworthy data security solutions on the cloud layer by layer – from the infrastructure security, data security, and application security to business security layers.

In addition to the security modules of all of the layers, there are a variety of automated data protection tools that enable companies to perform data encryption, visualisation, leakage prevention, operation log management and access control in a secure computing environment. Enterprises can also leverage cloud-based IT governance solutions for custom designs of cloud security systems to meet compliance requirements from network security and data security to operation auditing and configuration auditing. This ensures full-lifecycle data security on the cloud, with controllable and compliant data security solutions in place.

Another consideration is to build a multi-tenant environment, abiding by the principle of least privilege and adopting consistent management and control standards to protect user data from unauthorised access. In addition, establishing strict rules for data ownership and operations on data, such as data access, retention and deletion, is also pivotal in creating a safe environment.

Moreover, enterprises can embrace the zero-trust security architecture and build a zero-trust practice by design to protect the most sensitive systems. The architecture requires everything (including users, devices and nodes) requesting access to internal systems to be authenticated and authorised using identity access protocols. As such, the zero-trust security architecture cuts down on automatic trust, or trust without continuous verification, addressing modern challenges in securing remote working environments, hybrid cloud settings and increasingly aggressive cyber threats.

Cutting-edge security technologies such as comprehensive data encryption, confidential computing and many more emerging tech solutions, can be leveraged to ensure we stay on top of the trends in cybersecurity. Comprehensive data encryption provides advanced data encryption capabilities on transmission links (such as data-in-motion), compute nodes (such as data-in-use), and storage nodes (such as data-at-rest). Key Management Service and Data Encryption Service help users securely manage their keys and use a variety of encryption algorithms to perform encryption operations.

Another emerging technology to safeguard the cloud environment is confidential computing. Confidential computing is dedicated to securing data in use while it is being processed, protecting users’ most sensitive workloads. Confidential computing based on trusted execution environments (TEEs) ensures data security, integrity and confidentiality while simplifying the development and delivery of trusted or confidential applications at lower costs.

It is equally important to adopt proper security management practices and mechanisms to maximise the security protection of one’s critical system and important data. One essential mechanism to protect the cloud environment is to develop a comprehensive disaster recovery system, which enables businesses to configure emergency plans for data centres based on factors such as power, temperature and disasters, and establish redundant systems for basic services such as cloud computing, network and storage. It helps companies to deploy their business across regions and zones and build disaster recovery systems that support multiple recovery models.

Setting up an effective review and response mechanism for your cloud security issues is imperative. First, having vulnerability scanning and testing in place is important to assess the security status of systems; second, it is vital to use cloud-native monitoring tools to detect any anomalous behaviour or insider threats; furthermore, establishing proper procedures and responsibility models to quickly and accurately assess where vulnerabilities exist and how severe they are will help ensure that quick remedial actions can be taken when security problems emerge.

In the future, developing the security architecture, technologies, management and response mechanism will no longer be perceived as a cost-centre burden for companies, but rather as critical capabilities to safeguard the performance and security of daily business operations. Crafting a comprehensive cloud security plan, adopting industry best practices, and choosing a professional cloud service provider with strong security credentials to work with should be imperative subjects on a CXO’s agenda.

Kaspersky Discovers a New Backdoor Targeting Governments and NGOs Across META
https://securityreviewmag.com/?p=24459 Mon, 04 Jul 2022 09:13:56 +0000

Kaspersky experts have brought to light a poorly detected SessionManager backdoor that was set up as a malicious module within the Internet Information Services (IIS), a popular web server developed by Microsoft. Once propagated, SessionManager enables a wide range of malicious activities, starting from collecting emails to complete control over the victim’s infrastructure. First leveraged in late March 2021, the newly discovered backdoor has hit governmental institutions and NGOs across the globe with victims in eight countries from the Middle East, Turkey, and Africa region, including Kuwait, Saudi Arabia, Nigeria, Kenya, and Turkey.

In December 2021, Kaspersky uncovered “Owowa”, a previously unknown IIS module that steals credentials entered by a user when logging into Outlook Web Access (OWA). Since then, the company’s experts have kept an eye on the new opportunity for cybercriminal activity – it has become clear that deploying a backdoor within IIS is a trend for threat actors, who previously exploited one of the “ProxyLogon-type” vulnerabilities within Microsoft Exchange servers. In a recent investigation, Kaspersky experts came across a new unwanted module backdoor, dubbed SessionManager.

The SessionManager backdoor enables threat actors to keep persistent, update-resistant, and rather stealthy access to the IT infrastructure of a targeted organization. Once the backdoor is dropped into the victim’s system, the cybercriminals behind it can gain access to company emails, and update further malicious access by installing other types of malware or clandestinely managing compromised servers, which can be leveraged as malicious infrastructure.

A distinctive feature of SessionManager is its poor detection rate. First discovered by Kaspersky researchers in early 2022, some of the backdoor samples were still not flagged as malicious in most popular online file scanning services. To date, SessionManager is still deployed in more than 90% of targeted organizations according to an Internet scan carried out by Kaspersky researchers.

Overall, 34 servers of 24 organizations from Europe, the Middle East, South Asia, and Africa were compromised by SessionManager. The threat actor who operates SessionManager shows a special interest in NGOs and government entities, but medical organizations, oil companies, and transportation companies, among others, have been targeted as well. Because of similar victimology and the use of the common “OwlProxy” variant, Kaspersky experts believe that the malicious IIS module might have been leveraged by the GELSEMIUM threat actor, as part of its espionage operations.

“The exploitation of exchange server vulnerabilities has been a favorite of cybercriminals looking to get into targeted infrastructure since Q1 2021. It notably enabled a series of long unnoticed cyberespionage campaigns. The recently discovered SessionManager was poorly detected for a year. Facing massive and unprecedented server-side vulnerability exploitation, most cybersecurity actors were busy investigating and responding to the first identified offenses. As a result, it is still possible to discover related malicious activities months or years later, and this will probably be the case for a long time,” said Pierre Delcher, Senior Security Researcher at Kaspersky’s Global Research and Analysis team.

“Gaining visibility into actual and recent cyberthreats is paramount for companies to protect their assets. Such attacks may result in significant financial or reputational losses and may disrupt a target’s operations. Threat intelligence is the only component that can enable reliable and timely anticipation of such threats. In the case of Exchange servers, we cannot stress it enough: the past year’s vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants, if they were not already,” added Pierre.

To protect your businesses from such threats, experts also recommend that you:

  1. Regularly check loaded IIS modules on exposed IIS servers (notably Exchange servers), leveraging existing tools from the IIS servers suite. Check for such modules as part of your threat hunting activities every time a major vulnerability is announced on Microsoft server products.
  2. Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections. Back up data regularly. Make sure you can quickly access it in an emergency.
  3. Use solutions that help to identify and stop the attack in the early stages, before the attackers achieve their goals.
  4. Use a reliable endpoint security solution that is powered by exploit prevention, behavior detection, and a remediation engine that is able to roll back malicious actions.
GISEC 2022: Virsec to Show Off Deterministic Protection Platform and Virsec Security Platform
https://securityreviewmag.com/?p=23929 Fri, 04 Mar 2022 11:32:18 +0000

Rahil Ghaffar, the Regional Director for the Middle East and Africa at Virsec, says the company plans to continually invest in the region to further strengthen its progress.

Are you participating in GISEC 2022?
Yes, Virsec is looking forward to participating in GISEC 2022 this year.

What is your theme of participation at the event?
As one of the largest and most awaited cybersecurity conferences in the Arab region, we want to show our growth at GISEC 2022, and how our growth supports that of our customers. In this line, we will be showcasing our recently launched Deterministic Protection Platform (DPP).

DPP is the next evolution of our company’s flagship and award-winning Virsec Security Platform (VSP), the first solution that could eradicate threats to the software workload at runtime in real-time. DPP not only ensures better protection against all known and unknown threats to software workloads, but it also reduces threat actor dwell time from minutes to milliseconds, with true protection and runtime observability.

Another theme is awareness – we aim to provide our customers and partners with the knowledge of true runtime protection, and the need for it, allowing them to understand how DPP by Virsec makes security response obsolete by improving the protection that conventional, probabilistic solutions currently offer.

What is the general agenda / planned list of activities at the event?
Virsec is growing in the Middle Eastern market and plans to continually invest in the region to further strengthen our progress and provide the best-in-class cybersecurity to customers. With this in mind, our agenda for GISEC is ideally to interact and engage with more Channel Partners offering the value proposition and demonstrate how Virsec can strengthen and elevate their security offerings.

We also look forward to engaging with Top Level Executives, as well as clients and customers, sharing our thought leadership message around the need for deterministic protection at runtime to secure their software and critical infrastructure. We are also greatly anticipating our CEO, Dave Furneaux, and Bobby Gupta, Senior Vice President and MD of International Business, who will attend GISEC this year, where they will be interacting with key customers at the exhibition, as well as driving media engagements.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
We all have seen a huge surge of increasingly sophisticated cyberattacks during the pandemic, and the rate at which they continue to occur is relentless and only seems to grow by the day. Challenges faced at this point are typically in need of a solution that not only protects the known negatives, but also unknown Zero-day attacks. Ultimately, solutions should be able to protect both known and unknown vulnerabilities from being exploited.

However, we must keep in mind that there are other associated factors that influence this, such as current solution(s) often resulting in false positives and the need for constant human intervention to detect and protect businesses. Human error is one of the major causes of breaches, especially considering the present day when stress levels are at an extreme high with too much information from too many sources.

To avoid and solve this, there needs to be a complete shift in the approach when dealing with such sophisticated attacks. We need a solution that does not only detect, but also automatically protect, and with extreme precision – without human intervention.

Will you be running any offline/online engagements alongside the event?
We aim to engage with customers, clients, and partners pre- and post-event over networking sessions. Our senior management, experts, and executives will be available at stand D-55 to interact with visitors and professionals at the event, to discuss the evolving threat landscape, and demonstrate how Virsec’s solutions, namely DPP, can equip organizations with the skills required to overcome and prevent these cyberthreats from impacting their business.

GISEC 2022: SANS to Host Capture-the-Flag
https://securityreviewmag.com/?p=23919 Wed, 02 Mar 2022 12:43:57 +0000

Ned Baltagi, the Managing Director for the Middle East and Africa at SANS Institute, says the company’s theme of participation at the event will be around workforce development.

Are you participating in GISEC 2022?
Yes, we are – SANS has been participating for the last 3 years now and we are looking forward to being a part of GISEC once more.

What is your theme of participation at the event?
The overall theme for our participation this year will be around workforce development and how SANS can help organizations train, recruit and retain their cybersecurity staff. We have many products to offer organizations to help them provide their staff with the best possible training experience. There are many options for organizations, small to large, to choose from to help them progress. From our core training courses to our Capture-the-Flag events (CTFs), security awareness products, knowledge assessments, NetWars tournaments, and even Cyber Training academies, we will be bringing a vast range to GISEC 2022.

What is the general agenda / planned list of activities at the event?
We would like to showcase our larger product portfolio, inform visitors that SANS is more than just our core training courses, and highlight that we offer cybersecurity training solutions for all organisations. There will also be the opportunity to participate in one of our Capture-the-Flag events, and visitors to our stand will have the ability to see and experience one of our many training courses through our Live Online training format.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
There are two main challenges at the moment. One is to ensure you are adequately protected against the latest threats coming from nation-state actors such as Russia. SANS has put together a resource center that helps you understand exactly what is happening right now and how you can protect yourself and your organisation.

The second is the ever-growing skills gap and need for talented and trained personnel. With a growing shortage of people available on the job market, it is becoming increasingly challenging for organisations to find the right talent for the right jobs. Our SANS Immersion Academies or Assessments, support organisations in finding hidden talent within the existing workforce. We also help governments set up special programs to help identify, find, and train people who are unaware that they had an inclination towards and a talent for cybersecurity.

Will you be running any offline/online engagements alongside the event?
Yes, we will host our own SANS Capture-the-Flag during the days of GISEC.

Argus Systems Partners With Video Internet Technologies
https://securityreviewmag.com/?p=23804 Tue, 08 Feb 2022 08:28:02 +0000

Argus Systems and Video Internet Technologies Ltd have announced today that the companies have entered into a strategic technology partnership. Through this partnership, the companies will bring AI-based solutions including Automatic Number Plate Recognition (ANPR), Facial Recognition (FR), Video Content Analytics (VCA), Intelligent Transportation Management Systems (ITMS), and so on to the Middle East and Africa market.

The agreement brings together expertise, understanding, universal knowledge, cutting-edge disruptive Artificial Intelligence-driven technologies to transform legacy and redefine the future. “Argus Systems is an independent manufacturer’s representative and software development company heavily focused on AI-driven applications specialized in providing manufacturers a platform to launch their products while reducing time to go to market,” the company said in a statement. “Video Internet Technologies Ltd (VIT Ltd.) is a Ukraine-based technology house specialising in Video Analytics Solutions. This partnership will allow Argus and VIT to co-develop solutions for the MEA markets.”

“We are very excited to announce our strategic technology alliance with VIT to bring to our customers innovative AI-based solutions that transform legacy to redefine the future,” said Rohit Khubchandani, the CEO of Argus Systems. “Utilising the latest and greatest Artificial Intelligence innovations our combined solution stack addresses the pain points and challenges customers face in our dynamic region delivering the quickest ROI – Return on Investment.”

“Partnering with Argus Systems will allow us to offer our advanced AI-based solutions and give us a head start to accelerate our growth in the region, we have developed and integrated software and devices for various use cases. With our video analytics solutions, we help thousands of users fully observe and document every fine detail of their projects within their territories, 24/7,” said Yuiry Bukhtiyarov, CEO of VIT Ltd.
