Intelligent security

Arun George, International SecOps Sales Leader, CyberRes, a Micro Focus Line of Business on the company’s participation at GITEX and how it is helping customers address the expanding cyber-attack surface.

Can you tell our viewers about some of the products, solutions, and partnerships that you have announced at GITEX 2022? 

CyberRes, a Micro Focus line of business, has four security pillars offering Fortify on Application Security, Voltage on Data Security, NetIQ Identity & Access Mgmt and ArcSight on Next Generation Security Operations or SecOps.

In terms of partnerships, the most exciting is our collaboration with Oregon Systems as our Value-Added Distributor for this region. We’re happy to be present here and be part of the OT Cybersecurity blueprint they have put together, which brings many OT cybersecurity vendors under one roof, offering customers defence-in-depth, layered security and an Operational Technology Security Operations Centre (SOC).

From a product and solutions perspective, I would like to speak about three unique offerings around intelligence.

The first one is about CyberRes Galaxy, which is a threat intelligence platform. We launched Galaxy in line with our SecOps mission of reducing the exposure time by reducing the time to detect and time to respond. Galaxy is different from other TIPs in that it tracks threat campaigns and also associates each threat campaign with Annual Loss Expectancy (ALE) to show the financial impact of such threat campaigns. This makes it easy for security professionals to explain the business impact to businesspeople. Also, the content developed is based on the MITRE ATT&CK framework and hence it contains detailed techniques on how to detect and how to respond, thus reducing the overall exposure time.

For Galaxy, we have a community edition which is free for everyone regardless of whether they are an ArcSight customer or not. So, anyone with a corporate email account can create a login to the Galaxy portal, filter down to the threat campaigns based on region, industry vertical, threat severity etc. and decide to download the content. If you are an ArcSight customer, the entire process can be automated with a click of a button. We’ve also launched CyDNA or Cyber DNA, which serves the purpose of becoming a Cyber Dome to detect and respond to far space cyberattacks at the nation level.

The second offering is through our partnership with CrowdStrike to offer User and Entity Behavior Analytics (UEBA) to customers. CrowdStrike is an undisputable leader when it comes to the EDR space with their lightweight-agent architecture that provides immediate time-to-value. Along with CrowdStrike’s cloud-native Falcon platform, ArcSight Intelligence UEBA combines unsupervised machine-learning based Analytics with Falcon’s Analysis capabilities. Our UEBA offering is differentiated from others in the market by the unsupervised machine learning, where it is based on Data Models. For others, which is based on supervised machine-learning, they need to define labels or load pre-defined rules, which is not true Artificial Intelligence. Our cloud based ArcSight Intelligence UEBA combined with CrowdStrike’s Falcon platform provides customers a wide range of insider threat detection & prevention capabilities like indications of data exfiltration, IP theft, ransomware and sabotage.

The third offering around intelligence is Debricked. Debricked is a developer-centric open-source intelligence company we acquired, and it is aimed at innovating how organisations secure their software supply chain for today and the future. This acquisition further fortifies our drive towards software resilience and DevSecOps. Nearly 90 percent of companies are developing software using open-source components to accelerate their development speed to keep pace with business demands, which comes with accelerated risk. Debricked helps in providing open-source intelligence, automatically identifying & fixing security vulnerabilities in open-source dependencies and also maintaining open-source license compliance.

In the 12 months that have elapsed since GITEX 2021, how has your company performed in the MENA market – and can you disclose some of your biggest business successes during that period? 

CyberRes provides solutions to customers around 4 security pillars and we are part of Micro Focus, which is one of the world’s largest enterprise software providers. CyberRes, over the last one year, has grown significantly in the region, both from a customer perspective and an employee perspective. In terms of customers, we’ve secured new customers (new logos) and have also seen existing customers expanding on their investments and adding technologies from other CyberRes pillars to increase the coverage for attack surface.

We know that technology is growing at rapid speed and that the IT ecosystem is constantly evolving. However, along with that the ‘attack surface’ also is expanding into other environments like OT, IoT and Telco. How do you see CyberRes solutions helping customers address this expanding attack surface?

Gartner predicts that by 2025, cyber attackers will have weaponised Operational Technology environments to successfully harm or kill humans. A few examples are the recent Nord Stream Sabotage (2022), MuddyWater APT (2021), Saudi Petrochem Triton attack (2017), the Iranian Nuclear plant Stuxnet attack (2010) etc.

Operational Technology or OT refers to a category of computing and communication systems (hardware and software) to manage, monitor and control operations with a focus on industrial equipment, assets, processes and events they use. In the past, OT environment used to be disconnected or air-gapped from IT environments and ‘security through obscurity’ was relied upon. However, with industry moving towards Industry 5.0, where it focuses upon the re-humanisation of the race towards automation, OT environment cannot be an isolated environment from IT and within OT, lot of modern IT equipment providing AI and automation have started to appear. With this, the attack surface started extending into the OT environment and these networks became susceptible to cyber-attacks. The impact of successful attacks on the OT environment is severe, as it can harm human lives.

ArcSight NextGen SecOps solution from CyberRes addresses OT cybersecurity by integrating with OT OEM providers like Schneider, Honeywell, Siemens, Rockwell etc. and OT cyber security vendors such as Nozomi, OWL, SIGA, Dragos, Forescout etc. We already have existing customers in Oil & Gas, Utilities, Transportation who are using ArcSight SIEM to monitor and protect the IT+OT/IoT/Telco environment through OT & Telco use cases. Since ArcSight also is a multi-tenant complaint solution, we can provide a unified IT + OT/IoT/Telco SOC solution to customers with a lower TCO.

GITEX is the region’s flagship IT conference and has been for decades. However, considering we now live in a ‘work from anywhere world’ – is GITEX now more important than it ever was, as it enables us all to meet, engage and network in a face-to-face capacity? 

I’ve been part of GITEX since 2003. GITEX has always been an exciting venue to meet with people and discuss about the latest technology trends, especially when it comes to cybersecurity. This gives us an opportunity to network with customers and partners, and also have plenty of technology discussions. The COVID-19 pandemic dealt a huge blow to human lives and this year we have risen from all of that. Hence, we are looking forward to meeting our customers and partners again in person.

We are also showcasing a live OT Attack cycle demo here. We have two PLCs to simulate OT customer environments and show casing various OT Cyber Security vendors from Level 0 to Level 5. ArcSight SIEM the centrepiece of the SOC architecture providing a Unified IT + OT SOC.