DERMALOG Identification Systems GmbH is a leading provider of biometric identification solutions such as fingerprint and facial recognition systems. Headquartered in Germany, DERMALOG has implemented large-scale biometric systems in over 80 countries, including a fingerprint identification system for 23 Nigerian banks that has registered over 32 million customers. DERMALOG's biometric technologies and solutions span various sectors including banking, border control, law enforcement, and issuing secure identity documents.
The 10 most trusted cyber security solution providers 2018
1. DERMALOG
Identication Systems GmbH
The Biometrics Innovation Leader
Günther Mull
Founder & Managing Director
Chalk Talk
Traits to Possess the
Best Enterprise Security
Editor’s Pick
Data Center Security:
Controlling Possible Threats
www.insightssuccess.com
March 2018
2.
3.
4. What Lies
Ahead for
Cybersecurity
017 wasn’t a great year of cybersecurity. We saw a large number of high profile cyberattacks; which
2included WannaCry ransomware attack, Petya virus, Uber, Deloitte, etc. Despite multiple security
updates and numerous patches, the number of attacks continues to rise, which eventually raises a
question how to be safe in this world of web. So, let’s look at some trends and future predictions for the
near future.
Ransomware attacks have been growing at a steady pace during last few years, but it seems like regular
users haven’t learned much from the attacks. So, the WannaCry attack has highlighted the need to back up
data regularly, keep patching and updating systems, and strengthen the real-time defenses. If organizations
and individuals took these simple steps, then we could reduce the impact of ransomware dramatically.
With the advent of IoT, we are rolling out more and more sensor packed devices that are always connected
to the internet, but IoT still remains one of the weakest links for cybersecurity. Most of the time these
devices lack essential security features or many cases they aren’t correctly configured or rely upon default
passwords that eventually provides easy access to the attackers. So, these poorly secured IoT devices are
the reason for the growing use of botnets, which can be used for volumetric attacks, identify
vulnerabilities, or for brute force attacks.
Many organizations are still using single-factor authentication, which relies on “something you know.” Till
now companies tend to shy away from implementing multi-factor authentication, as they believe that it can
negatively affect user experiences. However, according to recent research, there’s a growing concern about
stolen identities amongst the general public.
Editor’s Note
5. The rise of state or nation-sponsored attacks are the most concerning area for the cybersecurity
experts. These attacks are motivated by political gain and go beyond financial gain. As expected the
level of expertise are quite high which may prove difficult to protect against. So, governments must
ensure that their internet networks are isolated from the internet and provide extensive security
checks. Additionally, the staff needs to be trained in order to spot attacks. Finally, it’s essential that
nations work together and share the information they have regarding state-sponsored threats.
So, the dire need of competent cybersecurity solution providers has made us look for, “The 10 Most
Trusted Cyber Security Solution Providers, 2018.”
On our cover page we have DERMALOG Identification Systems GmbH, which is an expanding
company based in Hamburg with additional offices in Malaysia and Singapore, as a result of strong
growth in the region.
We also have, SonicWall, which has been preventing cyber-crime for over 25 years, defending
small- and medium-sized businesses and enterprises worldwide; Logsign, which is a next-generation
Security Information and Event Management solution, primarily focused on security intelligence, log
management, and easier compliance reporting; Seceon, which enhances the way organizations
recognize cyber threats with speed and accuracy, prevent damage using surgical containment, and
predict insider attacks through behavioral threat detection modeling and machine learning; IT-CNP,
an information solution Provider Company which offers premier solutions to the US government;
Code Dx, is a software vulnerability management system that combines and correlates the results
generated by a wide variety of static and dynamic testing tools; Prey Software, which lets you track
& find your phone, laptop, or tablet; Tinfoil Security, a simple, developer friendly service that lets
you scan your website for vulnerabilities and fix them quickly and easily; Avatier, is a provider of
identity management software and solutions that acclimate to business users to provide an integrated
framework for business operations; and Entrust Datacard Corporation, which offers the trusted
identity and secure transaction technologies that make those experiences reliable and secure.
Solutions range from the physical world of financial cards, passports and ID cards to the digital realm
of authentication, certificates and secure communications.
Happy Reading!
Kaustav Roy
6. DERMALOG
Identification
Systems GmbH
The Biometrics
Innovation Leader
COVER STORY
Traits to Posses the
Best Enterprise
Security
Chalk Talk
Data Center Security:
Controlling Possible
Threats
Editor’s Pick
24
40
A R T I C L E S
The Role of an MSP
in your Cloud Strategy
Mentor’s Role
32
08
8. 36
38
44
46
Cybersecurity Done RIGHT
Seceon:
Incorporating Security into
your Development and
DevOps Workflow
Tinfoil Security:
A Security Center that
Delivers Real-Time
Cyber Attack Data
SonicWall:
Helping Clients Track
and Find their Phones,
Tablets, and Laptops
Prey Software:
12. DERMALOG
Identication Systems GmbH
The Biometrics Innovation Leader
We offer challenging projects
in international environments
and the latest technologies
in the eld of biometric identication.
“
“
Cover Story
14. Headquartered in Hamburg,
Germany, DERMALOG
Identification Systems
GmbH has been shaping the world of
security for more than two decades.
DERMALOG is Germany’s pioneer in
biometrics and the largest German
manufacturer of biometric devices and
systems. The company provides a wide
range of biometric identification
solutions, including latest generation of
fingerprint and document scanners as
well as high-performance Automatic
Fingerprint Identification Systems and
Automated Biometric Identification
Systems (ABIS). The product portfolio
is complemented by biometric border
control systems, biometric ID cards
and passports, as well as biometric
voting systems.
DERMALOG has been revolutionizing
biometric security products for law
enforcement, civil authorities as well
as health and security agencies, and
developing solutions for access and
data security, authorization and
authentication services as well as
mobile security. Governmental
authorities as well as private
businesses all over the world trust
DERMALOG’s expertise and state-of-
the-art biometric products. That’s not
all, DERMALOG has implemented
one of the world’s largest biometric
installations in Nigeria. The branches
of 23 banks and the Central Bank of
Nigeria have been equipped with
in 1980. From 1984, he was
responsible for the automation of
fingerprint and palmprint evaluations
as part of a research project at the
Hamburg Institute of Human Biology
and worked until 1990 as a lecturer in
applied statistics. After serving as the
head of the Institute of
Dermatoglyphics for several years, he
found DERMALOG Identification
Systems GmbH back in 1995. The
Hamburg based company specializes in
the development of Automated
Fingerprint Identification Systems and
fingerprint biometrics for documents
and national ID projects. Presently,
DERMALOG technology is used in
more than 220 large-scale installations
across the planet.
When DERMALOG helped
Countries with its Solutions
Back in 2016, the Nigerian government
found that more than 23,000 officials
either did not exist with their registered
name or received their salary
unlawfully. This gave the country
monthly savings of 10.5 million euros
and makes a sustainable contribution to
the positive development of the
Nigerian state. The cases of fraud were
identified using DERMALOG’s
Automated Biometric Identification
System. Originally the system was
developed for 23 Nigerian banks and
for the Central Bank of Nigeria in
order to identify bank customers
through fingerprint and face
DERMALOG’s ABIS. Bank customers
are clearly identified by fingerprints
and face patterns, which effectively
prevents fraud practices with false
identities. Nigerian banks have already
successfully registered more than 32
million customers with DERMALOG’s
Automated Biometric Identification
System.
“DERMALOG as manufacturer,
supplier and System Integrator is able
to implement solutions very quick, even
into existing projects. Our “Turnkey
Solutions” are reliable, intuitive to
operate and most of all fast and
secure,” adds Günther Mull, Founder
of DERMALOG.
The company has developed solutions
like ‘FingerLogin’, ‘FingerPayment’,
and ‘FingerBanking’ as well as
automatic face and iris recognition.
Apart from Germany and Europe, the
main markets of DERMALOG revolve
across Asia, Africa, Latin America and
the Middle East. Today, more than 150
government agencies and over 40
banks in more than 80 countries are
using DERMALOGs technology and
turnkey solutions for biometric
identification.
A Pioneer in Fingerprint
Identification Systems
Günther Mull studied human biology
at the University of Hamburg, where
he began researching fingerprints back
We are the
pioneer in the
development of
biometric products
and solutions.
“
“
15. recognition before opening or
accessing a bank account. In this
system, every customer receives an
individual number. Since its very
introduction in Nigeria, more than 32
million bank customers have been
registered till date, wherein their bank
accounts are backed by
DERMALOG’s innovative biometrics.
“Specific requirements due to the
security situation and the local
conditions are our daily business,”
emphasizes Mr. Mull.
DERMALOG has rolled out a
BioScreen system with the
Immigration & Checkpoints Authority
of Singapore. This specialized system
captures the thumbprints of visitors
arriving and departing at Singapore’s
checkpoints, as part of its ongoing
efforts to enhance security levels. Now,
it is compulsory for foreign visitors to
scan their thumbprints each time they
enter or leave Singapore. With the
BioScreen system installed in the
passenger halls to pick up travelers’
thumbprints, it reminds travelers that
security in Singapore has the highest
priority over all threats. Singapore
reports that a fingerprint checking
system installed at borders is helping to
ranges from project management,
installation and customization to
maintenance and support of delivered
products.
DERMALOG’s goal has always been
to deliver the best solution for its
customers, which requires creativity
and the willingness to break new
ground. With the claim to be an
innovative leader, the company is
always open to new ideas. This is also
part of DERMALOG’s corporate
culture. As an example, flat hierarchies
enable rapid decision-making and
accelerate the development of new
solutions. Additionally,
DERMALOG’s employees have a high
level of personal responsibility.
An Innovative Industry Leader
Ultimately, within the biometry sector,
multi-biometrics, the combination of
two or more biometric characteristics,
is currently on the rise. Therefore,
DERMALOG has developed an
Automated Biometric Identification
System (ABIS) that simultaneously
compares finger, face and eye data for
maximum accuracy. With
DERMALOG ABIS, the company
positions itself as an innovative leader
and offers the next level of secured
find people who have violated
immigration laws.
Delivering the Best Solution
Currently the discussion about security
is dominated by rapidly increasing
digitization. Understandably, this
development also leads to a wider
choice of security products.
DERMALOG actively participates in
this process with innovative solutions
for secure biometric identifications. As
an example, with DERMALOG’s
password-free login, companies can
significantly simplify their user
management by allowing employees to
log on to computers by fingerprint or
face recognition features. The system
is safer, more reliable, and much more
comfortable than previous password
protected solutions.
The company’s major strengths include
innovative products and their
unmatched adaptability. Working
closely with its customers,
DERMALOG always develops the best
possible solution in remarkably fast
time for the industry. This flexibility is
one of the most important cornerstones
of the company’s success. Also,
DERMALOG’s innovative solutions
provide outstanding service. The offer
Our multi-modal
ABIS (Automated
Biometric
Identication
System) combines
several biometric
methods.
“
“
16. identification. The system is already in use around
the world, in banking and border control as well as
in issuing official documents, such as passports and
driver’s licenses.
In the face of increasing mobility of people and
goods in a globalized world, governments need to
find a balance between fast processing and secure
borders. Based on its experience from worldwide
projects, DERMALOG offers solutions to develop
and implement Border Control Systems as well as
checks for secure border management.
One of the latest DERMALOG border control
products is the DERMALOG Gate. It is the first
fully automated electronic gate that uses 3D sensor
high-resolution camera technology combined with a
precisely defined field of view. It guarantees only
one person at a time can pass the gate, providing a
highly secure face recognition. The integrated front
scanner enables fast reading of numerous
documents such as passports, ID cards, e-ID cards
and flight tickets. The DERMALOG Gate reduces
transit times, provides a self-service process and
increases the attractiveness of using the airport.
DERMALOG offers biometric solutions for banks
and manufacturers of automatic teller machines
(ATM). This includes the largest biometric banking
project worldwide (USD 50 million), which was
delivered by DERMALOG (BVN Project): 23
banks and the Central Bank of Nigeria were
provided with DERMALOG’s ABIS, to prevent
double identities among bank customers through
different means such as finger and face recognition
and guarantees the best-possible biometric
identification of customers (KYC) for these banks.
Furthermore, many ATMs across the globe have
been equipped with DERMALOG’s fingerprint
technology.
In addition to our innovative range of services and the expertise
and motivation of our employees, this fact is also based on the
satisfaction and loyalty of our customers.
“
“
17.
18. Address :
Country :City : State : Zip :
Global Subscription
Date :Name :
Telephone :
Email :
1 Year ......... $250.00(12 Issues) .... 6 Months ..... (06 Issues) ..... $130.00
3 Months ... (03 Issues) .... $70.00 1 Month ...... (01 Issue) ..... $25.00
READ
IT
FIRST
Never Miss an Issue
Yes, I would like to subscribe to Insights Success Magazine.
SUBSCRIBE
T O D A Y
Check should be drawn in favor of: INSIGHTS SUCCESS MEDIA TECH LLC
Insights Success Media Tech LLC
555 Metro Place North, Suite 100,
Dublin, OH 43017, United States
Phone: (614)-602-1754,(302)-319-9947
Email: info@insightssuccess.com
For Subscription: www.insightssuccess.com
CORPORATE OFFICE
19. Management BriefCompany Name
Avatier
avatier.com
Nelson Cicchitto
Chairman,
Founder and CEO
Avatier Corporation is a provider of identity management
software and solutions that acclimate to business users to
provide an integrated framework for business operations.
Code Dx
codedx.com
Anita D’Amico
CEO
Code Dx Enterprise is a software vulnerability management
system that combines and correlates the results generated by a
wide variety of static and dynamic testing tools.
DERMALOG
dermalog.com
Günther Mull
Founder and
Managing Director
DERMALOG Identification Systems GmbH is an expanding
company based in Hamburg with additional offices in Malaysia
and Singapore, as a result of strong growth in the region.
Entrust Datacard
Corporation
entrustdatacard.com
Todd Wilkinson
President and
Chief Executive Officer
Entrust Datacard offers the trusted identity and secure
transaction technologies that make those experiences reliable
and secure. Solutions range from the physical world of financial
cards, passports and ID cards to the digital realm of
authentication, certificates and secure communications.
Logsign is a next-generation Security Information and Event
Management solution, primarily focused on security
intelligence, log management, and easier compliance reporting.
Prey lets you track & find your phone, laptop, or tablet.
Seceon is an organization that enhances the way organizations
recognize cyber threats with speed and accuracy, prevent damage
using surgical containment, and predict insider attacks through
behavioral threat detection modeling and machine learning.
SonicWall has been preventing cyber-crime for over 25 years,
defending small- and medium-sized businesses and enterprises
worldwide.
Tinfoil Security is a simple, developer friendly service that lets
you scan your website for vulnerabilities and fix them quickly
and easily.
IT-CNP
it-cnp.com
Cynthia Gibson
Information Security
Compliance Manager
IT-CNP is information solution Provider Company which offers
premier solutions to the US government.
Logsign
logsign.com
Veysel Ataytur
CEO
Prey Software
preyproject.com
Carlos Yaconi
CEO
Seceon
seceon.com
Chandra Pandey
founder and CEO
SonicWall
sonicwall.com
Bill Conner
President and CEO
Tinfoil Security
tinfoilsecurity.com
Ainsley Braun,
Co-founder & CEO and
Michael Borohovski
Co-founder & CTO
20. Adigital identity is an
individual’s online presence;
it comprises information
relating to their personal identity as
well as other data. The protection of
this information is crucial to
safeguard the individual’s identity.
Avatier Corporation provides
flexible identity management
software and solutions that allow
business users to construct an
integrated framework for business
operations. Its identity management
solutions require fewer login
credentials but enable collaboration
across and beyond business
boundaries.
Avatier has also created the world’s
first Identity-as-a-Container (IDaaC)
platform. This IDaaC combines the
best of Identity-as-a-Service (IDaaS)
and on-premises identity
management offerings while
delivering greater flexibility and
control than hybrid identity
management solutions.
Avatier’s primary vision is to
accelerate the adoption of identity
management. The company plans to
accomplish this by providing
organizations and their employees,
partners, and customers with secure
and easy access to applications,
assets, and electronic forms.
An Avidly Competitive Leader
Nelson Cicchitto, the Chairman,
Founder and CEO of Avatier
established the company in 1997.
Nelson spent 5 years leading the
development of Chevron’s Common
Operating Environment (COE) IT
efforts. It was here that he recognized
the pressing need to manage
Microsoft NT and Exchange as one
system.
As Avatier’s CEO, he keeps the
company ahead of the competition by
constantly seeking – and finding
– ways to take the complex and make
it simple. Nelson’s leadership fosters
innovation, creative thinking, and
documenting processes.
These factors have allowed him to
develop a system where all non-
revenue generating back office apps
and employee assets can be managed
as one system.
Delivering Best-in-class Security
Services
Avatier develops state-of-the art
identity management platforms that
enable organizations to scale faster,
innovate quicker, conquer and
embrace change, and to dominate
competition worldwide. Its Identity
Anywhere product brings Cloud
services and employee assets
together and allows organizations to
manage them as one system.
Identity Anywhere Password
Management is the world’s first self-
service password reset system. It
uses Docker container technology to
run anywhere - on any Cloud, on
premises, or on a private Cloud
hosted by Avatier.
Access Governance is the most
portable, scalable and the most
Avatier:Revolutionizing Digital Identity Security
Our identity
solutions
empower C-Suite
Executives to use
a digital
dashboard to run
and manage
their business.“
“
18 March 2018
21. secure solution in the market. It enables customers to
conduct access certifications of IT audit from any device,
see the list of audits due along with identity and access
governance items which have not been reviewed,
practice security and compliance management with the
touch of a finger, and approve and revoke access.
Identity Anywhere Single Sign-On (SSO) gives
employees, partners and customers secure access to
public and private web applications. Avatier SSO
leverages existing groups, OU’s and users in the
customer’s native directory to delegate web application
access. With built-in SaaS licensing management, Cloud
subscription costs can be cut by 30% or more. SSO
integrates with Identity Anywhere Lifecycle
management for automatic user provisioning and
de-provisioning.
Avatier is the only company which has the capability to
provide solutions that adapt to the needs of the business
user and allows them to deliver a unified framework for
business processes across operations.
Industry analysts and customers have indemnified that
Avatier’s identity management and access governance
solutions make the world’s largest organizations more
secure and productive in the shortest time and at the
lowest costs.
A Prolific Game-Plan
By moving its Identity Management solution from REST
APIs to Docker containers and adding orchestration for
auto-scaling, continuous delivery, and transparent load
balancing, Avatier has become the only vendor that
allows customers to place its solution on any Cloud. This
also allows Avatier or any other vendor to take the same
instance and host it for them as a managed solution.
Avatier’s solutions incorporate the latest Docker
container technology, are cloud agnostic, and may be
hosted by Avatier, run on-premises, or on any provider’s
Cloud. Container technology or Identity as a Container
(IDaaC) provides the benefits of speedy deployment
continuous delivery of cloud-only (IDaaS) providers but
with greater control over your identity repository,
maximum security and flexibility at the lowest total cost
of ownership in the industry.
By contrast, hybrid identity management providers that
do not leverage container technology face the very same
problems on premises as traditional identity management
providers.
Boasting a Global Clientele
Avatier boasts a clientele of over 500 worldwide
customers, ranging from the Global 100 to the smallest
businesses, across a wide range of industries, technology
to pharmaceuticals to even manufacturing.
Avatier considers feedback from its customers one of its
greatest sources of innovation and inspiration.
“Customers become our strongest advocates and drive
us to continuously evolve our offerings to be the most
secure and scalable in the industry,” states Nelson.
The company even invites customers to serve on its
customer advisory board where they have direct input
into products in development at Avatier.
March 2018 19
Nelson Cicchitto
Chairman, Founder & CEO
22. There are many application
security techniques available
today, but not all software
security vulnerabilities can be found
by any one of them. Every detection
technique has its advantages and
disadvantages and such tools are
mutually complementary; using them
in conjunction creates a more
comprehensive safety net. Code Dx,
Inc. was founded on the principle
that application vulnerability
management should be an integral
part of the software development
process, and that can only happen if
it is convenient and logical. This
approach helps developers and
security professionals make their
software as secure as possible using
an integrated collection of open-
source and commercial tools.
Code Dx built its flagship product,
Code Dx Enterprise, to combine and
correlate different tools and
techniques under one software
vulnerability management system.
The advantage is that one set of
results are consolidated across tools,
one user interface, one reporting
function, and a central method for
prioritizing and assigning
vulnerabilities for remediation.
Developers and security analysts can
use these reports and Code Dx’s
remediation guidance to coordinate
and decide which vulnerabilities to
fix first, and streamline the tracking
of their remediation.
A Strong Leadership Foundation
Anita D’Amico is the CEO of Code
Dx. She has a unique background as
a human factors psychologist,
cybersecurity situational awareness
specialist, and a security researcher.
This exceptionally diverse
background and Anita’s ability to
develop a vision and fuel it with
energy, good communication, and
effective leadership has propelled
Code Dx to where it is today.
Under her leadership, Code Dx has
developed innovative application
vulnerability correlation and
management solutions that are
breaking down barriers to using
Application Security Testing (AST)
tools and processes, and enabling
organizations to protect against
software vulnerabilities.
Driven by the Word ‘Together’
While the industry is working hard to
deliver powerful AST tools, Code Dx
Enterprise is different because of its
focus on making those tools work
together to produce better, actionable
results even faster and with less
effort. Thus, customers see Code Dx
Enterprise as a value multiplier for
their existing AST investments.
Code Dx Enterprise automatically
configures and runs 15 different
open-source AST tools directly from
within the solution. When customers
feed their code into Code Dx
Enterprise, it automatically identifies
the language, then selects and runs an
appropriate set of open-source tools
to find vulnerabilities in their code as
well as third-party libraries, and then
consolidates the results. Code Dx
Enterprise also seamlessly integrates
with a wide variety of the industry’s
best commercial static, dynamic, and
Code Dx:Practical Software Security Solutions
Secure your application
in less time, with a
smaller team, and
ship faster.
“
“
20 March 2018
23. interactive AST tools. Merging open-source results with
tools that they already know and like extends the value
of their AppSec investment.
Code Dx Enterprise also stands out with its seamless
integration into the software development processes. It
assimilates effortlessly with several integrated
development environments (IDEs), build servers like
Jenkins, and issue trackers like Jira. Code Dx has also
made considerable effort in the past two years to be
easily adopted into the DevOps process.
Vulnerability Correlation and Management Solutions
Code Dx fills a critical hole in the cybersecurity market
with its software vulnerability correlation and
management solutions. The company’s team of expert
developers has created high-value software systems for
demanding commercial and government customers, and
they participate in complex cybersecurity research and
development work for various government agencies. As
a result, Code Dx understands the real-world challenges
faced by software developers and security analysts in
securing their software. Its team of tool developers and
application security specialists is dedicated to providing
the tools, techniques, and support needed by application
developers to assure the security of their software
products and services. The team’s emphasis is on
building a safer software security supply chain.
Code Dx’s collaboration with clients and government
research sponsors over the year have given it the
knowledge and expertise to build futuristic solutions in
real-time, and provide top-notch customer service and
support as well.
Anita adds, “Code Dx Enterprise saves time and
valuable resources needed to secure your applications,
whether you are just getting started or have a mature
application security practice, by streamlining software
vulnerability management through all its phases:
discovery, consolidation, triage, prioritization, and
remediation.”
Enduring Partnerships
Code Dx is committed to providing the highest level of
support to its customers, who mostly specialize in
shipping software products but opt for security because it
is important to those products and their clients who use
them. Hence, Code Dx extends its support beyond just
helping its customers to use its tools effectively. The
company also advises them on how best to approach
application security and build secure software in the
development process. This comprehensive approach has
enabled Code Dx to sustain and build upon its long-term
global and regional partnerships.
New Opportunities in Cybersecurity
The security services sector will continue to grow as
more people understand and accept that conducting
business in the internet age is fraught with cybersecurity
risks. However, Code Dx has also seen that enterprises
are beginning to accept responsibility for ensuring their
own security, and bringing many of the activities
previously given to the service sector in-house. These
evolutions are creating new opportunities for security
service providers like Code Dx who are adapting to the
new tools and supporting their application security needs
to leverage their processes.
Anita D’Amico
CEO
March 2018 21
24. The concept of digital identity
has evolved to a point that
was scarcely imaginable not
very long ago. The shift from paper
documents to embedded chips to
digital identification is giving way to
cloud technology that surpasses them
all.
Parallel advances are transforming
the way we interact with each other
and with our government, how we do
business, and how we live in an
increasingly interconnected world.
This revolution is being driven,
adapted and molded by a select
group of companies one of those
companies is Entrust Datacard.
A Pattern of Growth
Entrust Datacard is not a newcomer
to the field. Established in 1969, it
has grown to employ over 2,200 staff
spread over 37 locations across the
globe, who deal with clients in over
150 countries. The company is
headquartered in Shakopee, MN.
It began its journey as a provider of
financial card personalization
technology. Today, its products and
solutions encompass virtually every
aspect of our lives as individuals,
customers, employees, business
entities and citizens. They are trusted
by financial institutions, digital
enterprises, and governments.
Diverse Protection
Our world may have shrunk with the
advent of the digital age, but it also
seems to have become a place where
the threats to our safety, security and
privacy have expanded. We live in a
world of devices beyond computers
to which we are constantly
connected, and to which we entrust
critical information.
Entrust Datacard:
Seamless Security Made Easy
Our solutions ranges
from the physical world
of financial cards,
passports and
ID cards to the digital
realm of authentication,
certificates and secure
communications.
“
“
22 March 2018
25. Unfortunately, both individual devices and networks are
vulnerable to attacks. These attacks compromise not just
personal and private information but regularly result in
losses that compromise far more than monetary
possessions.
It is here that Entrust Datacard has proven to be a
trustworthy partner, not only for you and I, but for any
business that has an online presence, and even national
governments who need to maintain and oversee
e-services and border controls.
Accomplished Leadership
The Entrust Datacard team is led by Todd Wilkinson,
President and Chief Executive Officer since 2008.
Prior to that, he spent three years as the company’s Chief
Financial and Administrative Officer.
Mr. Wilkinson oversaw the merger of the individual
entities, Entrust and Datacard that created the Entrust
Datacard brand in 2014. He managed the transition in a
manner which accorded due recognition and respect to
the constituent companies and their distinctive heritage,
while integrating their technologies to create an
organization capable of tackling the challenges of the
digital era.
His career before Entrust Datacard includes executive
positions at General Electric and USG Corporation. Mr.
Wilkinson’s alma mater is Northern Illinois University,
from which he holds both a Bachelor of Science and a
Master of Business Administration degree.
Todd Wilkinson
President & CEO
March 2018 23
26. Traits to Posses the Best
Enterprise Security
he founders occasionally forget about implementing important fundamentals of security and start running after
Tshining technology. The security budgets are limited, so they need to be sure about covering highest breach areas
before moving onto other things.
IBM reported that more than a billion personal data was stolen and leaked in 2014 alone, which made it the highest
recorded number in the last 18 years. Criminals are always a step ahead of the existing security systems. So companies
should have best strategies and practices for enterprise security.
So how do we ensure to have the best security systems? It all has to do with having a solid foundation, which starts with
these basic practices.
Strong Firewalls
Firewalls are the first line of defense for any enterprise. It basically controls the flow of the data and decides the direction
of flow of data. The firewall keeps harmful files from breaching the network and compromising the assets. The traditional
process for implementing firewalls is at the external perimeter of the network, but to include internal firewalls is the
popular strategy. This is one of the best practices of companies by making it the second line of defense to keep unwanted
and suspicious traffic away.
Securing Router
Routers are mainly used to control the flow of the network traffic. But routers do have security features too. Modern
routers are full of security features like IDS/IPS functionality, quality service and traffic management tools and strong
VPN data encryption features. But very few people use IPS features and firewall functions in their routers. To have
improved security posture companies need to use all the security features of routers.
Secured Email
It is highly common to receive emails from the suspicious sources. The email is the main target for the criminals. An 86
percent of the emails in the world are spam. Even if the latest filters are able to remove most of the spam emails,
companies should keep updating the current protocols. If the no, of spam emails are large, then it only means the company
is at greater risk of getting malware.
Updating Programs
To make sure your computer patched and updated is a necessary step if you are going towards fully protected enterprise. If
you can’t maintain it right, then updating already installed applications is an important step in enterprise security. No one
24 March 2018
27. can create 100 percent perfect applications, but one can make changes accordingly trying to keep it with the pace. Thus,
making sure your application is update will let you know the holes programmer has fixed.
Securing Laptops and Mobiles
You may wonder that why securing laptops and mobiles is in the list. But it is true that securing laptops and mobile phones
that contain sensitive data of enterprises. Unlike desktop computers that are fixed, laptops and mobiles are portable and
thus are at higher risk of being stolen. Making sure you have taken some extra steps to secure laptops and mobiles is as
important as implementing strong firewalls. Encrypting laptops and mobiles with the help of softwares is a great tactic to
be followed for secured enterprises.
Wireless WPA2
This is the most obvious feature of all. If companies aren’t using WPA2 wireless security, then they need to start using it.
Many methods of wireless security are insecure and can be compromised in minutes. If companies have wireless WPA2
installed, then it will be difficult to breach for criminals.
Web Security
Verizon Data Breach Investigations Report stated that the attacks against web applications in the recent years have
increased at an alarming rate, with over 51 percent of the victims. Simple URL filtering is no longer sufficient, as attacks
are becoming more frequent and complex. The features that need to be considered for web security systems are AV
Scanning, IP reputation, Malware Scanning, and data leakage prevention function. A web security should have the ability
to correctly scan the web traffic.
Educating Employees
Making sure that employees are educated about safe and online habits is as crucial as securing enterprise with top class
anti virus and firewalls. Educating employees about what they are doing and how to be pre-defensive is more effective than
expecting IT security staff to take steps later. Because protecting end users against themselves is the most difficult thing to
do. So, employees must understand how important it is to keep company’s data safe and the measures they can take to
protect it.
While the world is approaching with more and more cyber theft and crimes, these simple and standard tools based
foundation of enterprise security can protect the companies from such attacks.
Chalk Talk
March 2018 25
28.
29.
30. Computer viruses, bugs – even
the term “hack” suggests
illness. With good reason:
cyberattacks are a new kind of plague
st
for the 21 century.
In 2018, data breaches are a pervasive
and ever-present fact of life. Cunning
criminals can infiltrate electronic files
from across a room, or across the
globe, with nothing more than a laptop
or access to an Internet of Things
device, while barely raising their
pulse.
Government networks, specifically,
are susceptible – not just from
attackers, but also interconnectivity
issues, hardware snafus, user error,
and acts of God.
Meanwhile, governmental budgets
continue to shrink, resources for
critical protections continue to tighten,
and a constantly evolving morass of
regulations and standards make
compliance a maddening prospect.
Government agencies need a cure.
For almost two decades, now, IT-CNP
has provided an antidote.
The Columbia, Maryland-based
consulting firm was one of the first
national providers of government-
oriented, FISMA-compliant,
FedRAMP certified cloud hosting in
the country. It remains one of the only
facilities nationwide that exclusively
serves Federal, state, and local
government agencies.
Turnkey cloud solutions – including
policy development, audits,
compliance, forensics, analysis, and
incident response – are offered
through IT-CNP’s unique hosting
division, GovDataHosting.
“By identifying vulnerabilities and
implementing corrective measures, we
reduce the risk of compromised
systems, reinforce the integrity of
agency data, and ensure policies and
regulations are addressed consistently
across all platforms,” said
Information Security Compliance
Manager, Cynthia Gibson.
Gibson previously provided multiple
Department of Homeland Security
agencies with risk assessment support.
Today, she is responsible for the
delivery of cybersecurity and security
compliance services for IT-CNP’s
portfolio of GovDataHosting cloud
customers.
Competition is at an all-time high
when it comes to vying for
government cloud contracts. The
secret of IT-CNP’s success is simple:
They’ve been doing it better, longer.
“Our wealth of experience, garnered
from multiple past performances,
offers our new customers reassurance
that their systems will be implemented
with little to no risk,” Gibson said.
Complemented by state-of-the-art
datacenters and 100% uptime
performance, GovDataHosting
provides fully-managed cloud to a
growing roster of government
agencies representing industries from
healthcare to defense, and beyond.
IT-CNP realizes that there is no room
for error when hosting and managing
these mission-critical systems in the
cloud. That’s why all datacenters,
related personnel, and customer data
are located and monitored within
American borders. Employees, too,
undergo a criminal background check,
while those working with sensitive
IT-CNP:The First Line of Defense for
Mission-Critical Systems
28 March 2018
We Help
Secure
America's
Infrastructure.
“
“
31. information take part in a government-sponsored
background investigation.
“Protecting government systems is a tremendous
responsibility,” Gibson said. “But we have continuously
earned our customers’ trust with diligence and attention to
detail. We face government cybersecurity challenges head-
on, delivering comprehensive, innovative results on-time,
within or under budget, and to our clients’ complete
satisfaction.”
Case in point: IT-CNP transitioned a military client from a
government operated datacenter to a cloud datacenter of
its own, meeting the complex requirements set forth by the
Department of Defense. Immediate operational
enhancement resulted, as well as a marked improvement
for the Service Level Agreement’s turnaround time and
modernization.
IT-CNP also assisted with the transition of a Department
of Health and Human Services data warehouse, evaluating,
documenting, and authorizing Personally Identifiable
Information (PII) and Protected Health Information (PHI)
in accordance with FISMA and HIPAA regulations and
ensuring that all systems adhered to the Federal
government’s rigorous standards.
The U.S. Department of Health and Human Services
recently recognized such capabilities and experience by
awarding IT-CNP with a Blanket Purchase Agreement to
provide Next Generation IT Services application hosting,
FedRAMP certified cloud, and associated managed
services.
The award provides HHS operating divisions and offices
with streamlined access to application hosting and cloud
migration resources.
IT-CNP’s services are similarly available on a number of
pre-negotiated government contract vehicles, including
GSA Schedule 70, Navy Seaport-E, and DHS-Eagle II.
As a vendor of the U.S. Army ACCENT Program,
GovDataHosting serves as a preferred application
migration and cloud hosting provider for the entire
Department of Defense, including DoD agencies, the
Army, Navy, Air Force, and the Marine Corps.
As the unique needs of the security services sector
continue to evolve, IT-CNP has initiated plans to extend its
cybersecurity solutions and FedRAMP cloud services into
the south and southwestern parts of the country.
The hope, said Gibson, is to provide a coast-to-coast
presence, not only for civilian agencies, but also the
Department of Defense. Two additional cloud datacenters
are also in the works.
“We’re proud to support the quickly evolving security
needs of the Federal government,” said Gibson. “Being
part of what it takes to protect America’s infrastructure is
the reason IT-CNP and GovDataHosting were created, and
we are committed to offering our customers nothing less
than 100 percent satisfaction.”
March 2018 29
Cynthia Gibson
Information Security
Compliance Manager
32. Logsign, headquartered in
California, was established in
2010 as an all-in-one
Security Information and Event
Management (SIEM) solutions
provider. It unifies Security
Intelligence, Log Management, and
Compliance as applied in various
industries.
The company’s user-friendly
platform has a smartly designed
NoSQL and HDFS embedded
architecture that ensures efficient
storage, clustering, and rapid access
to stored and live data. Actively
providing services to more than 500
SMBs and governmental agencies,
Logsign is working toward raising
customers’ security awareness while
establishing itself in the field of
cybersecurity.
This next-generation, all-in-one
SIEM solutions provider is primarily
focused on Security Intelligence, Log
Management, and easier Compliance
Reporting. Logsign unifies the view
and monitoring of cloud and local
data, increases awareness via smartly
designed, security-oriented
dashboards, and provides a clear
understanding of machine data and
enables reliable, actionable insights
in real-time.
Logsign’s core features are Log and
Event Data Centralization, Event
Mapping, Real-Time Correlation,
and Historical and Real-Time
Analysis. Logsign collects logs and
event data comprehensively from
sources such as firewalls, routers,
IDS/IPS, network devices, Windows,
Linux/Unix, databases, VMware
ESX, mail servers, and web servers.
Effective and Focused Leadership
Veysel Ataytur, CEO of Logsign, is
an Electronics and Communications
Engineer with vast experience in the
cybersecurity industry.
His in-depth knowledge of, and
experience in product management
and product marketing to
cybersecurity service providers and
partners have contributed
significantly to the success of
Logsign. He is primarily responsible
for the business operations, sales, and
marketing of the company.
Veysel always tries to maintain long-
term relationship with his clients.
This has helped Logsign grow
organically while retaining a large
share of the clientele it has worked
with since its incorporation.
“We believe that cybersecurity is a
team effort that should continue
seamlessly. We focus on customers’
needs and expectations, focus on that
we are always on the same side,”
asserts Veysel.
He also reveals that their community
of satisfied customers is growing
every day as the team continues with
its focus on delivering added value to
them.
A Real All-in-One Solution
Logsign is a next-gen SIEM
combined with a Security
Orchestration, Automation, and
Response (SOAR) system and
healthcare services. With its well-
designed architecture, it processes
operational security of systems,
thereby shortening incident response
times, improving team efficiency, and
decreasing the number of repetitive
tasks and false-positives.
The system also enables automatic
responses and detection of indicators
via API integrations.
Logsign also ensures control over
both IT and OT infrastructures to
prevent attacks before they occur via
Logsign:SOC Combined Next-Gen SIEM
Cybersecurity
is teamwork
and security products
have to be
much smarter.
“
“
30 March 2018
33. its comprehensive SOC solutions. It helps enterprises
and SMBs improve their information security processes
and procedures, and to review and create new ones in
real-time.
The company strives to continuously improve security
procedures, remediation, and monitoring operations by
learning and adapting with every incident.
Human-Oriented Solutions
Logsign’s user-friendly platform is backed by a diligent
technical support team that provides customers a
comprehensive, reliable SIEM solution at an affordable
price. Logsign also helps enterprises and SMBs to
improve and remedy their information security processes
and procedures.
“We believe that solutions should have a well-designed
UX and be human-oriented. SOCs are where technology
and humans meet. Security professionals in every line
should work more efficiently, effectively, and happily,”
says Vessel.
Logsign has provided its solutions to more than 500
enterprises. Some of the most prominent names among
them are Deloitte, Migros Global Retail Chain, Simit
Sarayi Global Food Chain, BMC, Cardtek, Ford Otosan,
Benetton and Penti. Besides these major brands, Logsign
products are also employed by many universities and
colleges, hotels, and insurance firms.
Industry Outlook
The number of cyber-attacks against individuals,
organizations and governmental agencies is increasing
by the day.
As was the case in 2017, phishing attacks, ransomware,
and exploits show strong trends in 2018. IoT and
SCADA Security have gained an increasing popularity.
Security professional talent shortage, numerous attacks,
repetitive tasks and alerts, etc. can be though as a part of
a puzzle, it’s a big challenge.
To tackle all such threats, Logsign focuses on
‘Orchestration, Early Detection, Automation, and
Response’. Using this point of view, Cybersecurity does
not just mean security devices, systems should be
monitored, recovered, and improved. Logsign’s next-gen
SIEM is being developed to help improve human to
human, human to machine, and machine to machine
interactions.
“Our sophisticated and ever-evolving view of threat
lifecycle management and collaboration is our strength.
Aiming team leaders and executives, to improve
efficiency and diminish worries that systems are on.
Security analysts working at SOCs are also in our target
to help them work easily,” states the team in one voice.
Veysel Ataytur
CEO
March 2018 31
34. The Role of an in your
MSP
In my experience, when businesses
are looking to fundamentally
transform the way they work, they
have to take a serious look at their
cloud strategy and make sure it's
aligned to their business goals.
Whether these goals are to increase
operational efficiency, drive new
revenue streams, improve customer
service or disrupt the market, there are
key principles I advise businesses to
follow.
The approach you take will depend on
what stage your business is at. A cloud
first strategy is appropriate if you have
the flexibility to move your core
business applications to the cloud
because you’re a new business or
you’re not encumbered by legacy
infrastructure.
A hybrid approach works if you have a
clear plan on which applications you
feel comfortable moving to the cloud,
versus those you’d prefer to keep
within your own private network or at
a data centre.
If you’re at an early stage in your cloud
strategy and are still getting to grips
with the options available, it can help
to work with a managed service
provider who will map out the most
appropriate migration path based on
what you’re trying to achieve.
Irrespective of what stage you’re at,
there are challenges that most
businesses face as they journey to the
cloud.
Firstly, upskilling your internal IT team
to manage the migration can be a real
challenge when the skills required are
fundamentally different to those of a
traditional IT team. Furthermore, it can
be risky to divert your team away from
managing business critical IT
infrastructure to plan and implement a
cloud migration strategy. This can be a
very significant undertaking, and one
that often makes sense to outsource to
an MSP with the specialist skills you
don’t have in-house.
Many businesses will need to redesign
their legacy networks and
infrastructure to support this migration,
which can be complex. For example,
data that was previously routed via a
private network to head office, may
now be serviced via the internet, which
creates a big shift in data and
networking requirements.
Another big decision is which
technology provider to go with. With
so many options available it can be
challenging to decide which one is
right for your business. For example,
do you go with Microsoft Azure,
Amazon Web Services (AWS) or a mix
of the two? It’s easy to get distracted
by service features, so it’s important to
keep focused on the business outcomes
you’re trying to achieve when going
through the vendor selection process.
With all the benefits that the cloud
offers in terms of cost savings, agility
and innovation, it can also expose your
business to increased security threats.
Working with a Managed Service
Provider with strong credentials in
security can help you to lock down any
potential vulnerabilities in your
network.
If you decide that working with a
Managed Service Provider is right for
your business, look for a partner with
demonstrable expertise in architecting,
implementing and managing cloud-
based network infrastructures and
applications that can flex with your
business. They should also offer a
security portfolio that supports both
public internet and private networking
environments.
Many IT decision makers come
unstuck when they select service
providers who don’t invest enough in
cutting-edge technology. Even though
IT services are often viewed as a
commodity, working with a partner
who can predict where the market is
going can really help to transform your
business.
There’s nothing worse than investing
time and money in technology that
becomes obsolete. Work with someone
who has a strong reputation in
delivering market leading technology
in data centres, data security and cloud
based services.
The right MSP will be much more than
a supplier. They’ll be an extension to
your IT team; a true partner who’s
committed to delivering outcomes and
is happy to share the risk of the
Cloud Stratergy
32 March 2018
35. About The Author
As the CEO of Enablis Pty Ltd, Jon leads a
passionate and focused team delivering
Managed IT Communication and Cloud Services
to mid-sized organizations in Australia and New
Zealand.
A 25-year industry ICT veteran, in 2006 Jon
founded the Australian business for Sirocom Ltd,
a leading UK Managed Virtual network operator
(MVNO) that later became Azzurri
Communications Pty Ltd.
Eleven years on, John has grown Enablis, the
Australian division of Azzurri Communications,
from one employee to over 50 employees with
offices in Sydney and Melbourne.
His zeal and vision to deliver smarter ways for
organizations to procure and operate complex
communication estates coupled with his
experience in leading and driving a strong
business culture focused on doing “right by the
customer” have resulted in Enablis winning
multiple industry awards for growth and service
quality every year for the past six years.
Prior to Enablis, Jon held Senior Partner roles at
major carriers such as Verizon and Optus where
he helped develop and grow key integrator
relationships in Europe, and later on, in Australia.
Before that, he worked at Cabletron and 3Com.
Jon has sat on and assisted in technology
steering panels at St Vincent de Paul. He has a
passion for helping and getting involved in raising
awareness and donations for a number of
charities focused on homelessness and under
privileged youth.
Working with an MSP who speaks your language is vital.
This means that they should know your industry and
ideally, already have customers in your sector. Even though
every business is unique, there’s a lot to be said for working
with service providers who understand your business
objectives and the risk profile you’re trying to manage.
In my experience, IT budgets are generally flat or falling,
whereas demand for high priority strategic projects such as
migrating to the cloud, is only increasing. This means that
IT decision makers are often under increasing pressure to
achieve more with less.
Work with an MSP who can help you deploy your budget
and resources more effectively; who can build a business
case for you and back it up with hard numbers. Ultimately,
they need to convince you and the rest of the business that a
cloud strategy is going to deliver measurable improvements
to your business before you bring them on board.
technology deployment. Much like any relationship, a good
partnership is based on chemistry, transparency, shared
goals and mutual respect. Most importantly, you need to be
certain they’ve got your back.
Jon Evans
CEO
Enablis Pty Ltd
Mentor’s Role
March 2018 33
36.
37.
38. We, as humans, are
completely dependent
upon the internet. When
we want to listen to a song, store
data, or even when we want to buy
some stuff for our household needs,
we turn towards the internet to fulfill
our needs.
The web world even possesses the
ability to store identification data
including fingerprints, iris scan and
others. But thanks to attackers,
nowadays, most of our data is up for
sale, most definitely on the dark web.
Shockingly our whole online identity
can be bought for as low as $1,170.
This includes accounts and data from
11 different groups; from online
shopping to entertainment services,
to personal finances accounts and
data categorized as proof of identity.
Enter Prey Software as a multi-
platform anti-theft management
solution that helps businesses keep
their mobile device fleets and data
secure. This is done through a
mixture of Anti-Theft and device
management tools.
In a nutshell, Prey consists of two
parts. The agent, installed on laptops,
phones, and tablets, and the panel.
Once its client’s fleet is covered with
the agent, everything is managed
online through the website’s panel, to
which the user signs in.
There users can organize the fleet by
labels, setup Control Zones
(geofencing) to monitor movement
on areas where devices should enter
or shouldn’t exit and track their
location globally to keep an eye on
all assets.
If something goes wrong, the user
will activate Prey’s tracking mode, or
‘MISSING mode’, which turns Prey
into an evidence gathering machine.
The platform generates reports with
pictures, location, nearby WiFi
networks, hardware changes, and
more data critical to the retrieval of a
device.
A Massively Experienced Leader
Carlos Yaconi, Prey’s Founder and
CEO, kick-started the project’s
global expansion and evolution
together with the initial founder of
the Linux application Tomás Pollak.
This partnership took Prey to a
worldwide release in 2010, which
quickly escalated becoming the first
global multi-platform anti-theft app.
Carlos studied Computer Science and
Information Technology at
Universidad Diego Portales and is an
innovation graduate of Universidad
del Desarrollo. His work as an
entrepreneur goes further back,
having founded two prior companies:
Nectia, software developer company,
and Bizware, a database service
provider. In his spare time, you can
usually find Carlos training as a
‘work in progress’ guitarist or
listening to Pink Floyd.
Tackling the Competition
Currently, Prey is working on its
Prey Software:
Helping Clients Track and Find their Phones,
Tablets, and Laptops
Tracking devices
is easy, we take
gathering evidence
to another level.
“
36 March 2018
“
39. user-focused development. Its offer and its features are
constantly being developed for the user specific needs,
making way for a sturdier product. The core of this
concept is to adapt and grow Prey’s solutions to real
needs, with prior knowledge that ensures the features are
a result of an issue, not the other way around.
Prey’s clients have a direct line to the support team,
which is prompt and ready to tackle any challenges and
to guide the client’s experience across the platform.
Great value on Prey’s support comes from a combination
of active relationships with its customers, and quick
assistance from the developers, which give user-fixes a
high priority.
However, that’s not the end of it. To enrich this
relationship, the company shares its advice on security
with them, Prey also assists its clients when facing
threats, and keeps an open line for any suggestions they
could need security-wise.
A Pioneer Against Technology and Gadget Theft
In the very beginning, Prey pioneered this fight against
technology and gadget theft, before services like ‘Find
my iPhone’ even existed, and even today the
organization is witnessing the great bond it created
between itself and the public.
What’s more, theft is a problem that’s tough to beat, and
nobody likes to feel helpless against it. That’s where
Prey comes-in for aid. The difference is that it does so
but not by taking the load and becoming the hero, quite
the opposite actually; Prey looks to empower its users by
giving them the tools they need to become the hero.
This great user-developer relationship pushes the
company forward constantly with new problems to
tackle, and new opportunities to provide the help users
need.
Securing Devices for the Internet of Things
There’s a great topic, security services should keep an
eye on for at least a couple of years: IoT, or the Internet
of Things. Mobile environments are currently hyper-
connected, but with IoT, this is growing exponentially to
the point where connectable devices will come in all
shapes and sizes, with extremely different utilities and
little regulation.
How Prey secures these IoT devices, and the
environments they generate, are concerns that currently
challenge the security industry. The lack of security
standards among these devices provides a challenge,
especially when one needs to integrate them to a network
without making it vulnerable. Furthermore, IoT will
clash with IT’s current headache: Bring Your Own
Device (BYOD) control and policies. When combined,
both issues can escalate the need for a controlling filter.
With this in mind, Prey has many challenges to focus
upon. Currently, the organization is investigating on the
subject to understand the scope of the security issue, and
how an integrative platform could aid mobile device
security and management to cover the lack of protocols
and standards.
Carlos Yaconi
CEO
March 2018 37
40. We live in a world where
almost every facet of our
lives is connected to the
internet to some degree. Unfortunately,
this ubiquitous relationship with the
online realm is an increasingly
attractive target for individuals and
groups with ill intent.
Cyber attacks have become one of the
biggest nuisances and most potent
threats that individuals, organizations
and governments have to contend with
today.
Into this scenario comes Seceon, a
company focused on empowering
organizations to recognize cyber
threats clearly and quickly, prevent
damage using surgical containment,
and to predict insider attacks through
behavioral threat detection modeling
and machine learning.
Its innovative Open Threat
Management (OTM) Platform gives
MSSPs and Enterprises the ability to
detect, contain and eliminate all known
and unknown threats in real-time.
The platform uses patent-pending
predictive analytics, machine learning,
and dynamic threat models to
automatically generate threat alerts in
real-time, giving IT teams the capacity
to respond before critical data is
extracted and damage is done.
Seceon’s OTM Platform proactively
closes the threat loop. It is the
industry’s first and only fully-
automated, real-time threat detection
and remediation system.
An Expert Leader
Chandra Pandey is the Founder and
CEO of Seceon. He is an expert in
data center architecture and highly
scalable network solutions, and a
proven business leader with more than
20 years of experience developing and
marketing innovative technology
solutions.
Before founding Seceon, he was the
General Manager and Vice President of
Platform Solutions at BTI Systems. He
led a global team through the creation,
development and launch of Intelligent
Secure Cloud Connect Platform to
more than twenty Web 2.0-focused
customer deployments in less than 18
months.
He has also held senior leadership roles
at Juniper Networks, Internet
Photonics, Lucent and 3Com. Chandra
is an inspirational leader who
empowers his team to take on the
continuously-evolving cybersecurity
challenges businesses face, creating a
new market category in the process.
From the very start, Pandey knew that
he needed talented individuals with
passion and drive to create the OTM
Platform. His solution was to hire
some of the best minds in every field
Seceon would be involved - Machine
Leaning, AI, BIG Data Platform,
Networking, Security Modeling and
User Experience.
A Laser Focus
The Seceon team finds its focus from
the company’s motto, “Cybersecurity
Done Right.”
It provides Comprehensive Visibility:
Real-time visualization of all services,
applications, users and hosts and their
interactions; Proactive Threat
Detection: Detection of known and
unknown threats; Automatic Real-Time
Threat Remediation: Elimination and
containment of threats in real-time; and
Reporting and Compliance: Assistance
for HIPPA, GDPR, PCI-DSS, NIST,
and ISO with real-time monitoring.
According to Seceon, there is no other
platform in the industry which
currently has these capabilities, but it
acknowledges that others will soon
Seceon:Cybersecurity Done RIGHT
We are laser focused
on detecting and
eradicating cyber
security threats in
real-time.
“
“
38 March 2018
41. follow its lead. Hence, the company works closely with
partners and customers to maintain its advantage and
continue to deliver the innovative and effective
cybersecurity solutions for which it is known.
Seceon’s platform is unique in its ability to handle millions
of inputs from logs and flows and correlating them into
actionable alerts. Organizations can choose to program
automatic responses to these alerts or opt for single-touch
human intervention.
Because of its ability to scale at speed, the platform can
process data in real-time, updating and activating these
models within minutes through advanced correlation with
intelligent application of machine learning and AI with
actionable intelligence.
The organization’s in-memory, fast analytics processing
enables a more global approach, ingesting and analyzing
data in real-time while correlating it with information about
existing threats and zero-day exploits. In this way, it
delivers prioritized threat alerts to IT/security analysts or
MSSP SOC staff.
Empowering Partners to be Successful
Being 100% channel-driven, Seceon puts significant
emphasis on its relationship with clients. The company’s
goal is to empower them to be successful so they can
dominate their respective niches.
Over time, Seceon has learnt how to better identify partners
that are equally vested in the goals it is trying to
accomplish. In that respect, Seceon constantly uses
feedback from its partners to improve its processes, sharpen
communications, and simplify onboarding. This enhances
the entire partner experience from introduction to demo to
trial to training and, finally, to implementation.
Seceon’s MSSP program is aimed at channel partners
delivering managed security services to Fortune 5000
organizations and SMBs. OTM was built using dynamic
threat model engines, machine learning engines, and
proprietary predictive and behavioral analytics, to provide
what Seceon refers to as a virtual SOC.
MSSPs partner with Seceon because its system reduces the
number of alerts per client and makes available the right
information when an alert is processed; both factors reduce
costs. There is also the competitive advantage of being able
to provide increased business assurance to clients by
detecting threats earlier and warding off attacks.
MSSPs expect to be able to monetize this with value added
service offerings.
Bright Days Ahead
As the world becomes more connected and system
complexity increases, cybersecurity platforms will have to
contend with increasingly sophisticated attacks. Attackers
have access to more computing power and have developed
the ability to go after businesses of any size, but focus
particularly on small- and medium-sized enterprises that are
not as well protected.
Traditional solutions and services from large vendors can
neither combat this increasing sophistication of cyber
threats nor could detect between perimeter and endpoints to
the required level.
For cybersecurity solutions to be successful in these
environments, it is critical that they run in real-time and
have the ability to take immediate action to eliminate
problems. Visualization, speed and scalability are must-
have characteristics of an effective system.
Seceon’s platform runs in real-time, has the ability to view
the entire system, and can be applied by enterprises of any
size.
Seceon will continue to innovate and expand its platform,
investing in an approach that brings together machine
learning and an SaaS model, to stay one step ahead of the
challenges of the future.
Chandra Pandey
Founder & CEO
March 2018 39
42. he rise in cyber-crimes is one of the main causes of
TData center outages. As per the recent survey
conducted by industry insiders, cyber-crime caused
22 percent data center outages in 2015 opposed to 2 percent
outages in 2010. Adding to all these, now most of the data
centers are re-evaluating their security policies after the
recent WannaCry ransomware attack.
Data center outages cause companies to loss revenue in
many ways. However, the costliest loss is service
interruption and loss of IT productivity. So, the
organizations are now realizing that traditional security is
no longer secure enough to secure any data center. A recent
study has found that 83 percent of traffic travels east/west
within the data center, which stays undetected by the
Controlling Possible Threats
40 March 2018
43. perimeter security. In this environment, when an attacker
infiltrates the perimeter firewall, then can jump across the
system with ease, extract information and compromise
valuable data. Additionally, data centers can fail due to
trespassers or a terrorist attack or by natural calamities.
So, how can one secure a data center in the best way
possible from any kind of cyber threat? Don’t worry we’ve
got you covered, with the points below.
As the first step, one should Map the Data Center and flag
the hackers within the virtual and physical infrastructure.
The CSOs and CIOs with a system map of their systems
can react to any suspicious activity and take steps to stop
data breaches. Being able to visualize different traffic
patterns within a network helps to understand threats, that
eventually elevates the level of security.
Understanding and measurement of traffic flow within
the data center boundary are very important. In the case of
any interruption in traffic across east/west vs north/south,
protected vs unprotected one can get to know about a threat.
Additionally, vulnerable zones and unprotected traffic need
to be monitored for a better result.
Firewall rules need to be defined and implemented as per
requirements. Additionally, one should allow traffic only
after thorough verification and selectively allow
communication to ensure maximum protection. The key is
to identify, what;s legal and secured and what can be
blocked to enhance security.
One needs to Build a Team with executives who
understand how traffic flows within the premises and can
access & secure information, take necessary measures to
secure important assets along with the implementation of
roadblocks for the attackers.
Security must move as fast as a data center’s technology
adoption and integration. Security Strategy Should
Change Alongside the Technology and it should not be
treated as an add-on option. Additionally, businesses also
should ensure that their virus protection, signatures other
protection features are up to date for better protection.
Businesses should Identify and Place Controls over high-
value assets, which will help to reduce risk. However, older
security solutions are completely blind to new threats, new
security companies have produced latest solutions that
protect data in the virtual world.
Access Restriction also needs to be imposed. Every
business should thoroughly check a person’s background
before giving the access to a prized possession. Access to
the main site and the loading bay must be limited,
additionally, two-factor authentications and fortified
interiors with security guards and roving patrols would help
to safeguard the employees and the data center.
Installing Surveillance Cameras around the data center,
alongside removing signs which may provide clues to its
function helps to locate an intruder. A buffer zone between
the data center and all the entry points will limit unlawful
trespassing to a great extent. Additionally, the data center
needs to be far away from the main road and it should not
have any windows other than administrative purposes for
better security.
A data center should Check Test Back-Up Systems
regularly as prescribed by the manufacturer. It should also
ensure to make a list and of Do’s and Don’ts in the event of
an attack. Recovery plans and security plans also need to be
checked thoroughly.
Data centers are always a Soft Target for The Terrorists,
as an attack on them can disrupt and damage major business
and communication infrastructure. So, security needs to be
taken seriously and to do that proactive steps should be
taken to limit the impact of a terrorist attack.
Trained Security Guards needs to be posted inside a data
center and they should be well trained. Security officers
must undergo strict site-specific training to monitor
surveillance footage. Depending on the size of data center
and the number of security cameras multiple security
officers may be required on duty. Security officers
dedicated to inspecting surveillance footage helps when it
comes to securing a data center.
Disaster Recovery is very much important, that must be in
place. If the data center stops functioning after an attack or
natural calamity, it must have a way to restore operations as
soon as possible. To be ready for a disaster and to evaluate
the disaster recovery plan, it’s necessary to train staffs well
and experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge
of new security systems, solid plans, and comprehensive
visibility. The more work a data center can do up front in
the above-mentioned areas the better the chances of success
with lesser outages.
March 2018 41
Editor’s Pick
44. Omnichannel Agent
and Customer
Engagement Solutions
Simplify and personalize the customer experience,
empower agents and achieve business success
with one workspace for all channel interactions,
application integrations, and CX reporting.
45.
46. Nowadays cybersecurity is more
important than ever for every
business. Cybersecurity
professionals exist in an increasingly
complex world. As the cyber threat
landscape evolves, a new cyber arms
race has broken out that places
organizations and their security
solutions in the crosshairs of a growing
global criminal industry.
Cyber criminals are increasingly
turning to highly-effective, advanced
cyber weapons such as ransomware,
infostealers, IoT exploits and TLS/SSL
encrypted attacks to target
organizations of all sizes around the
world.
The Inception Story
Headquartered in Milpitas, CA,
SonicWall was founded in 1991. The
company wants to help organizations
protect their networks and sensitive
data from advanced cyber-attacks.
SonicWall provides small- and
medium-sized businesses and
enterprises worldwide with real-time
breach detection and prevention
solutions. Its security solutions help
organizations run more effectively and
securely in today’s risky cyber
landscape.
The company regularly updates its
product to provide several layers of
defense against cyber threat trends
identified by the SonicWall Capture
Labs Threat Research Team.
The Experienced Leader
With a career across high-tech
industries spanning more than 30
years, Bill Conner, President and
CEO of SonicWall, is a corporate turn-
around expert and global leader in
security, data and infrastructure.
He began his leadership tenure with
SonicWall when the company broke
off from Dell in November 2016.
Conner has a bachelor’s degree in
mechanical engineering from Princeton
University, and an MBA from the
Wharton School of the University of
Pennsylvania.
A staunch supporter of public-private
cybersecurity partnerships, Conner
regularly shares his expertise with
global financial, enterprise and
government leaders.
He has introduced a clear plan for
strengthening SonicWall’s distribution
channel and improving its rate of
innovation. This strategy has helped
the company exceed every growth goal
it set for itself. Within one year under
Conner’s leadership, SonicWall
surpassed financial and operational
goals, delivering.
Ÿ Record partner registrations of
more than 18,000 global channel
partners with 5,000 new partners
Ÿ Strong pipeline growth with over
$330M in new partner deal
registrations
Ÿ Key service improvements with
80% reduction in wait times
Ÿ A new global marketing campaign
Ÿ Record new product releases
Exclusive Array of Services
Most firms offer the products of
companies with which they partner as
the best solution for all their clients. At
SonicWall, the expertise of their
consultants is their largest asset,
allowing them to offer the very best
solution to their client. The company’s
industry-specific solutions include:
Ÿ SonicWall Next-Generation
Firewalls: When the Capture Labs
threat researchers noted a rise in
malware hiding within SSL/TLS
encryption to evade firewalls, they
developed a broad range of next-
generation firewalls that can inspect
SSL/TLS-encrypted traffic without
slowing network performance.
Ÿ Capture Advanced Threat
Protection (ATP) Service: In
response to the growing number of
advanced persistent threats,
SonicWall introduced the Capture
Advanced Threat Protection (ATP)
service; a cloud-based, multi-
engine sandbox designed to
discover and stop unknown, zero-
day attacks at the gateway and
SonicWall:A Security Center that Delivers Real-Time
Cyber Attack Data
In the cyber arms
race, knowledge
is our most
powerful weapon.
“
“
44 March 2018
47. provide automated remediation.
Ÿ Capture Cloud Real-Time Deep Memory Inspection
TM
(RTDMI ): To help customers identify and mitigate
deceptive memory-based threats and future Meltdown
exploits, they unveiled the patent-pending SonicWall
Capture Cloud Real-Time Deep Memory Inspection
TM
(RTDMI ) in February 2018.
Ÿ SonicWall Secure Mobile Access (SMA) Appliances:
To help companies with mobile workforces keep their
hybrid IT environments secure while providing a
consistent experience for authorized users, SonicWall
released its Secure Mobile Access (SMA) appliances
that provide granular, single sign-on (SSO) access
control; context-aware authorization; file inspection in a
multi-engine cloud sandbox; and easy integration with
enterprise mobility management solutions.
Ÿ SonicWall Email Security: Designed to make secure
and compliant email access easier, SonicWall Email
Security is a next-generation email security platform
that scans a wide range of email attachment types, then
analyzes them in a cloud-based, multi-engine sandbox
and blocks suspicious attachments until they are
reviewed by an authorized administrator.
A Unique Approach
SonicWall thrives on a culture of open information sharing.
This ranges from the real-time alerts and threat information
shared by Capture Labs, to the customer service team’s
systemized sharing of feedback with other lines of business,
to the ongoing education of partners and employees through
SonicWall University, to CEO Bill Conner’s leadership on
cybersecurity trends and legislation.
The company believes that only by having a real-time
understanding of the cyber threat landscape can one
develop and implement best practices and innovative
solutions that work.
Distinctive Strategies for Success
SonicWall’s independent status has given them the ability to
move swiftly on intelligence gathered by the Capture Labs
Threat Network. This allows them to innovate and release
products and services that are unique to the industry, and
these have already proven themselves in the field by
protecting customers against threats ranging from
ransomware to Meltdown.
It is not only SonicWall’s innovative products that set it
apart from the competition, but their distribution strategy,
too. SonicWall moved to a 100-percent channel distribution
model and launched the SecureFirst Partner Program, which
quickly accumulated $330 million in revenue and more than
18,000 global partners in 150 countries.
This success was supported by the launch of SonicWall
University, a role-based training and enablement resource
for partners and employees.
Attracting Customers to SonicWall
To empower and educate their partners, SonicWall ensures
each customer has a one-to-one relationship with a cyber-
security expert. They recently launched a Customer
Support Portal with omni-channel service capabilities.
The customer service department shares the feedback and
insights customers provide with the appropriate lines of
business within SonicWall to drive improvements in
training, communication and product development.
As a result of these and other efforts, customers consistently
rate SonicWall support agents above 89 percent for
responsiveness, technical knowledge, and professionalism.
They also report an 85 percent self-service success rate.
Future Endeavors
As a company that bases its product strategy on a data-
based understanding of the next wave of cyber threats,
SonicWall is well-positioned to help customers weather
them.
They have already started seeing more companies
implementing advanced threat protection solutions,
SSL/TLS inspection capabilities in firewalls, and solutions
geared toward stopping memory-based exploits.
SonicWall hopes to also see more widespread sharing of
information across the industry. Many victims still fear
being stigmatized if they reveal they have been breached,
but sharing this information can help ensure that other
Bill Conner
President & CEO
March 2018 45
48. Tinfoil Security has a founding
team of MIT and intelligence
community alumni, with
extensive backgrounds in security
across many organizations around the
globe. The organization builds
cybersecurity solutions which scale,
for large enterprise companies. It
streamlines the client’s security needs
with tools that easily integrate into any
DevOps process or SDLC. Tinfoil’s
technology empowers its clients’
DevOps and development teams to
become the critical first line of defense,
thereby increasing bandwidth for
security teams to prioritize and
enhance more strategic security
initiatives.
Tinfoil Security’s enterprise offerings
include access to a multitude of tools
that help integrate security into its
clients’ DevOps process.
When Two Undisputed Leaders
Took Charge
Back in 2011, Tinfoil Security was
founded by Ainsley Braun and
Michael Borohovski. Since its launch,
the organization has provided security
solutions to numerous customers,
ranging in size from SMBs to the
Fortune 100.
Ainsley is the CEO of the company
and makes sure to instill a company
culture that prides itself on community
and giving back. This is reflected in the
contributions made by its engineering
team to open source their code,
whenever possible, to the global
community in the battle for
cybersecurity. Ainsley realized that she
wanted to be a leader and innovator in
the cybersecurity industry during her
time consulting with Booz Allen
Hamilton, where she worked upon
graduating from MIT. As a member of
their Strategic Technology and
Innovation division, she has worked
primarily with United States
Department of Defense (DoD) clients.
Michael serves as the CTO of the
organization. His technical abilities
have helped the organization create a
superior product that is on the cutting-
edge of today’s cybersecurity needs.
Michael is phenomenal at starting and
building relationships with anyone he
meets and has played an integral role
in growing and closing the Tinfoil
Security sales pipeline as well. His
pure passion and deep knowledge of
the cyber security industry has allowed
him to often play the trusted advisor
role for Tinfoil Security’s customers,
who lean on him for direction and
advice for protecting their sites and IP.
Ground Breaking Products
Tinfoil Security currently offers two
products; Web Scanner and API
Scanner.
Ÿ WEB SCANNER: Tinfoil Security
knows most CISOs at enterprise
companies deplore their current
security solutions or are just too
jaded to even deal with third party
integrators, especially for scanning
web applications. Tinfoil checks for
over 70 classifications of
vulnerabilities, including the
OWASP Top 10 Web Application
Security Risks, and is always
adding more as new zero-day
vulnerabilities are discovered. The
product scans each time a new
version a customer’s site is
deployed, and can also log into any
Tinfoil SecurityIncorporating Security into your Development
and DevOps Workflow
We're a team of experts
with extensive
backgrounds in
security across
many organizations.
“
“
46 March 2018
49. website, including SAML / Single Sign-On
authenticated sites.
Ÿ API SCANNER: The Tinfoil Security API Scanner is
able to detect vulnerabilities in almost any API,
including web-connected devices such as mobile
backend servers, IoT devices, and web services. The few
tools that are currently available lack coverage depth in
API security or are focused on acting as a firewall or
unintelligent fuzzer. Vulnerabilities focused on
authorization and access control concerns, or even web-
like vulnerabilities like XSS, manifest in different ways
and with different exploitation vectors than they do for
web applications, and the Tinfoil Security API Scanner
takes that into account.
Tackling Uneven Roads
In the early years, Tinfoil was focused exclusively on
SMBs, because of it being an underserved market which
sorely needed help with their application security tooling
and process. As the company grew and gained SMB market
share, it discovered that enterprise organizations actually
had very similar problems and lacked solutions to bridge
the gap between the vastly increased speed of development
and their relatively smaller security teams. The organization
quickly realized that in order to steer Tinfoil Security in the
direction of becoming a globally competitive player in this
space, it had to switch its focus into the enterprise. This
strategy led the company well into profitability, while still
maintaining, supporting, and selling to tens of thousands of
customers in the SMB market.
The profitability turnover was in large part due to Tinfoil’s
ability to adapt and implement an innovative strategy, while
leading with an agile sales and operations process within
the firm. The organization made sure to keep track of and
provide superior support to each and every customer, even
as they reached the tens of thousands. Through this
involvement with customers, the company designed its
product for better UI and UX functionality, making it
seamless, integrated, and usable for DevOps teams.
Future Roadmap
Tinfoil Security has just launched its API Scanner, and will
be focusing on educating CISOs on Tinfoil Security’s
patent-pending technology. Built from the ground up,
Tinfoil provides an integral, fully developed tool that
CISOs can use to bring their developers and DevOps teams
into their cybersecurity strategy to build highly secure
products, easing their burden and increasing efficiency. This
is in contrast to the few competitive solutions that take web
scanners and have jury-rigged them to act as an API
scanner, lacking coverage depth in API security. The only
other options are those focused on acting as a firewall or
unintelligent fuzzer. Tinfoil, instead, focused on solving the
problem as its own problem, rather than rehashing what it
already knew. Tinfoil Security works continuously to
improve the state for the industry’s tools in combating
attackers around the world.
Michael
Borohovski
Co-founder & CTO
Ainsley
Braun
Co-founder & CEO
March 2018 47