Features
THE GREAT SHIFT
By Editor
Next-generation security solutions from Cisco deliver advanced threat protection across the entire attack continuum before, during, and after an attack
Cisco, the networking powerhouse has upped the ante in its growing focus on security solutions. Its Global Security Sales Organization (GSSO) is now an independent unit of Cisco. The company is now adopting the go to market strategy of focusing on addressing the entire attack continuum and claims it offers Technologies that fit into all those scenarios.
“Beginning of the fiscal year 2015 at Cisco, we launched the GSSO. So we are now a Business unit focusing solely on security within Cisco,” says Anthony Perridge, Security Sales Director at Cisco.
He adds, “Before a probable attack, you need a robust resilient system while during an attack, you need to monitor and after the attack, you need remediation. We want to move away from the approach of point products as there is no silver bullet. As an industry, our learning has been that the point product approach creates issues because customers find it confusing, getting conflicting messages from the various vendors. They also find it hard to integrate these various products. If you are spending your time integrating the various products, you are possibly leaving out gaps. We are bringing the continuum approach, to cover the before, during and after the attack phases.”
The company conducted a seminar in December in Dubai where this message was driven across to attendees, largely customers. The seminar titled ‘Security Beyond Traditional Defenses’ highlighted the importance of next-generation security solutions from Cisco that deliver advanced threat protection across the entire attack continuum before, during, and after an attack.
The focus is on preparedness for any inevitable breach in the network and subsequent remediation. The line of reasoning is quite persuasive that the attacker only needs to succeed once while the defender needs to succeed always. Therefore there is a strong possibility that the defender is likely to fail one time or the other and hence the need for remediation. The company is focusing on such solutions and this includes the AMP (Advanced Malware Protection) from the SourceFire portfolio.
“From a recent Cisco research, it has been found out that 100% of organizations connect to malicious sites. The question we are asking is what would you do if you already knew that you were hacked? Since 2004, we have been tracking the time between discovery of an attack or compromise and the remediation and what we also found out is that it is sometimes days, weeks or even months. The question therefore is not how high can I build the wall so that my security cannot be breached because at some point the breach is bound to happen. Everybody is using devices that is coming into and out of networks, at work and at home. The complexity of networks, the advent of BYOD, the advent of cloud computing etc are blurring the lines of responsibility for security,” comments Anthony.
Cisco offers technologies that do remediation, which are forensic type tools that can go back in time and find out the entry point, who was infected, how it proliferated and the damage it has done to the organization. These present great opportunities for incident response, as a service, believes Anthony.
He says, “When an attack occurs and proliferates, it is the equivalent of an emergency call to the service provider to provide remediation services. It is an opportunity about helping with the clean-up and then the forensics about how the attack occurred and how to prevent it from happening again.”
He also believes that the shift towards security as a managed service rather than as a product is inevitable.
Anthony says, “By 2018, 65% of cyber security spend would be on services. Historically, the security spend has been in favor of products. This is going to shift. There is a great opportunity for the channel.”
Reasons in favor of Cisco to be a leader in the network security space include the fact that Cisco sees more network traffic than Google as it has more data points about what’s going on globally on networks. That gives the company privy to a great deal of information and therefore a strong leverage in being able to offer the necessary threat monitoring service which it makes available to its customers. This is offered directly as well as via partners.
Anthony adds, “We can offer a global monitoring service and many of our partners, be it global service providers or outsourcing companies provide it as a Managed Service. We have two pronged opportunity and if customers want to buy that directly from us, they can but also certainly we don’t deviate from our channel focus.”
The company is working with several global scale Managed services providers and believes there is a strong opportunity for Managed Services providers regionally as well because of data concerns.
“Historically, there has been a small number of managed service providers like BT, Symantec, Dell Secure Works or an IBM type of organization. We work with almost all of them. In terms of the region, there is significant opportunity for local Managed service providers, especially because customers in the region are concerned to keep the data locally in the country and then there all the regulatory requirements. There is definitely a demand.”
The fact that there is a shortage of nearly a million security practitioners vis-à-vis the demand is also ensuring that the demand is also which is driving the tide in favor of Managed services. Anthony expects that more flexible consumption models such as security as a service etc will gain ground.
The recent seminar was also an occasion to unveil the Cisco ASA with FirePOWER Services – a threat-focused Next Generation Firewall (NGFW) for its UAE customers at the event. This also includes some SourceFire technologies.
Anthony says, “If you look at the recent NSS Labs report, it is a market leading product offering best in class features, best in detection rates and has threat centric approach. Cisco ASA platform is among the most widely deployed platforms, tried and tested and we are bringing into that some of the SourceFire Technologies. It is amazing that within twelve months, how both the teams have come together and worked jointly to bring new products to market. The event has been very well attended and there is a high level of interest.”
With the likely advent of IoT (Internet of Things) on a growing scale, the data sensor points will multiply manifold and in the new scheme of things, it would be mandatory to secure upfront rather than at a leisurely pace.
“For cisco it is a huge opportunity to look to have security being built into all solutions rather than as an afterthought. That can be more effective and also offer lower cost of ownership. There are not many organizations that are as well placed as Cisco to secure networks and integrate the security into the networking,” adds Anthony.
On the partner front, Cisco has tried to encourage the traditional Cisco networking partners to integrate security onto the infrastructure solutions. Concurrently, the company has been very keen to retain all SourceFire partners that have been typically focusing on best of breed security solutions. While some of them were also working with cisco, some weren’t.
Anthony says, “We modified the cisco security channel program to make it more attractive for security centric partners. We have made accreditation an important part of the program so that the experts are rewarded. One of the days we have been done that is we are providing deal registration so that the margins are secured for security centric partners.”
In the final analysis, Cisco’s focus on security is quite strong. The Cisco approach to cybersecurity is visibility driven, threat focused, and platform based. It is encouraging the trend towards security as a service model.
Anthony says, “As an industry, we need to be thinking about moving away from product type model of security solutions. There is a growing appetite for new consumption models. Margins are likely to be eroded in the traditional model and we would be encouraging partners to look at value add expertise and services.”
Features
Why and how to Invest in Technology for Financial Efficiency in Restaurants
By Naji Haddad, VP – EMEA at Deliverect
In today’s competitive market, staying ahead of the curve is crucial to using essential cutting-edge technology for restaurants to thrive. Modern technology is transforming every facet of the restaurant business. From automating tasks with robotics to utilizing software for inventory management and customer service, these solutions empower restaurants to operate more efficiently and profitably, reshaping the entire industry.
Nowadays, new restaurants, ghost kitchens, and virtual food brands are popping up at every corner, making our industry the most competitive it has ever been; using the right tech is the way to reduce financial waste and elevate financial efficiency in the coming years.
Consolidating tech into a Comprehensive Solution
While tech integration is crucial, it shouldn’t burden restaurants with excessive costs or complexity. Many restaurants make the mistake of overinvesting in new software and even hardware solutions without first analyzing their needs, goals, and focus areas.
For example, one of the major focus areas for any growth-oriented restaurant would be to consolidate its tech and use a solution to seamlessly aggregate online orders, manage menus, track data, and reduce redundancy across your Point-of-Sale (POS) system.
This streamlines workflows and provides a unified overview of all incoming orders, especially for restaurants with multiple sales channels.
Always aim for a lean tech operation where you use only a handful of critical tools that provide as much bang for your buck as possible.
Protection of Revenue: Reducing Failed Orders
One of the critical aspects of financial efficiency in restaurants is reducing failed orders. This not only affects revenue but also customer satisfaction and loyalty. Having a solution that seamlessly integrates all your equipment, from online ordering systems to kitchen appliances, helps in reducing errors and ensuring orders are fulfilled accurately and on time.
By leveraging technology to streamline order processing, track inventory in real-time, and minimize manual errors, restaurants can protect their revenue by avoiding costly mistakes that lead to dissatisfied customers and lost sales opportunities.
Moreover, implementing predictive analytics and machine learning algorithms can further enhance order accuracy and reduce the risk of errors, contributing to improved revenue protection and customer experience.
Financial Tracking: A Cornerstone for Success
Effective financial management is paramount. Beyond tracking revenue and sales, restaurants require meticulous expense management and year-round financial analysis.
Financial monitoring and meticulous analysis are the foundational pillars of data-driven decision-making in this business, giving you a competitive edge. It all starts with the right accounting software that will provide you with a comprehensive overview of your accounts receivable and accounts payable, along with detailed reports.
This software should provide comprehensive overviews of accounts receivable and payable and detailed, granular reports – both at the micro and macro levels – to identify seasonal and annual cash flow trends.
Using Technology to Optimise Labor Costs
Everything is becoming more expensive. From logistics, food, packaging, equipment, and compliance to labour, training, and talent retention, restaurant owners desperately seek ways to cut their expenses.
Task automation is key to optimizing labor costs in restaurants. By automating repetitive tasks such as order processing, inventory management, and reporting, staff can focus on higher-value activities like customer service, menu innovation, and strategic planning.
Automated scheduling tools can also help in optimizing labor allocation based on demand patterns, ensuring adequate staffing levels without unnecessary overtime or understaffing situations. This not only improves operational efficiency but also enhances employee satisfaction and reduces turnover rates.
Investing in staff training on using these automated tools effectively can further maximize their impact on labor cost optimization and overall business performance.
Investing in the Future
The restaurant industry is becoming more competitive than ever, but that doesn’t mean that small businesses or up-and-coming brands can’t build long-term success and stability. However, by embracing technology for operational efficiency, cost optimisation, and strategic growth, restaurants of all sizes can thrive with this competitive edge in 2024 and beyond.
Features
Robust patch management. In the fight against ransomware, it’s time to get back to basics
By Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU)
In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites. According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.
In today’s climate, senior executives approach discussions about cyber risk with the expectation of hearing unfavorable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI. We used to take comfort in the fact that at least artificial intelligence could not be creative like people could. But that was before generative AI came along and left us speechless — with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.
But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again. Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organizations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber risk. Hence, organizations need to look at prioritizing patching the assets that cause the most existential risk to the company, maximizing their patch rate (a measure of how effectively vulnerabilities are addressed) and minimizing their mean time to remediation (MTTR) for such “crown jewel” assets.
Windows mean doors
The Qualys Threat Research Unit (TRU) uses these metrics often in anonymized studies of organizations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponized vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and — if we have not already — to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.
If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of “high” or “low” for our two metrics. Our sweet spot is in the bottom righthand corner, where patch rate is high and MTTR is low. We could call this quadrant, the “Optimal Security Zone”. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly. In the top right, we find that patch rate is still high, so we call this the “Vigilant Alert Zone”, but incidents take a longer time to remediate (high MTTR). But while this is a higher source of concern, it is less worrying than if a vulnerability falls in the bottom left quadrant — the “Underestimated Risk Zone”. Here, we find overlooked vulnerabilities (low patch rates) but unexpectedly short remediation times. These flaws can quickly become risks if left unaddressed. Finally, we come to our red-flag quadrant, the “Critical Attention Zone” (top left), where vulnerabilities have low patch rates and take a long time to resolve.
Combining metrics like this can give us important crossover information that allows us to triage our patch management effectively. By exploring the critical areas first, we can examine overlooked vulnerabilities and discover either that they pose little threat and are less of a source of concern, or that they could lead to a ransomware incident, in which case they become a top priority on our to-do list. With RansomOps groups now leveraging advanced automation tools, the importance of optimal patch management cannot be overstated. Ensuring that systems are updated and secure is critical to prevent potential vulnerabilities.
Action stations
Starting today, then, GCC organizations should look to their vulnerability management strategy and determine an approach that is able to stand up to armies of threat actors, working as a unified industry, equipped with advanced AI, to disrupt, disable, and damage the region’s innovative spirit. We all need to make sure that our vulnerability gaps are closed and our defenses tightened against these malicious actors. Technical and business stakeholders must collaborate on crafting roadmaps that make sense to their operational uniqueness.
The hope remains that one day, cyber criminals, a persistent threat today, will be effectively countered by innovative security technologies. However, we must confront the fact that attackers are becoming more sophisticated, their campaigns are escalating in scope, and the resources available for cybersecurity defense are often constrained.
The solution does not lie in an unknowable panacea, but in the day-to-day fundamentals — robust patch management that uses the four-quadrant principle and aims for the highest possible patch rate and the shortest possible resolution time. The top practitioners in any field — sports, business, the arts — will always extol the virtues of the fundamentals. If it works for them, then why not for us? So, let’s get back to basics and send the ransomware actor packing.
Features
Sustainable Investing: Balancing Profit And Purpose
By Joseph El Am, General Manager, MENA, StashAway
The climate crisis is the defining challenge of our time. The first half of 2024 saw temperatures reach a 175-year record, clearly illustrating the urgency of the situation. It’s often said that everyone, as individuals, can and should vote with their wallets – something that goes beyond choosing sustainable products to encompass sustainable investing.
As the magnitude of climate change continues to grow, investor interest in sustainable investing has also risen, with over half of global investors planning to increase their sustainable investments in the next 12 months. ESG investing is one-way individuals can help promote a more sustainable, just, and equitable world by supporting companies that are accountable for their environmental impact, socially responsible, and committed to fair and transparent business practices. Still, for most investors, financial returns remain the main priority – which raises the question: Is it possible to balance profit with purpose?
WHAT IS SUSTAINABLE INVESTING?
As a starting point, let’s first look at what sustainable investing actually means. Firstly, there’s ESG investing, which considers the environmental, social, and governance (ESG) factors of a company. It gives investors a framework to assess how sustainable and long-lasting an investment is likely to be.
ESG is practical because its framework can help investors identify future-proof companies. Investors can use ESG to help them avoid investing in companies that engage in risky or short-signed behavior, which can cost a company and its shareholders more. Indeed, studies have shown that companies with strong ESG performance tend to outperform their peers in the long term. A 2023 McKinsey study found that companies that deliver strong performance in both financial and ESG metrics deliver 2% higher annual excess total shareholder return than those that excel only in financial metrics.
ESG INVESTING ISN’T ALWAYS THAT STRAIGHTFORWARD
While the benefits of ESG investing are clear, the road towards it can be difficult to map out. The way in which we define and regulate ESG is often complicated by the challenges of measuring ESG criteria. Environmental and social practices aren’t universally regulated nor quantifiable in financial terms yet. For example, there’s still no universal standard for measuring the harm a company causes its workers or to which extent a company is responsible for its supply chain. These factors make regulating ESG difficult compared to traditional investing, which has established standards on financial reporting. The limitations of reporting ESG data are often a key barrier holding investors back from making sustainable investments.
While the way experts define and regulate ESG will likely evolve as we seek out better means of measurement, institutions have already developed ESG scoring to help fund managers build ESG-friendly portfolios. MSCI and Morningstar, for example, designate ESG ratings based on how a company manages its ESG risks compared to other companies within the same industry. Such industry-recognized ESG scoring models can help investors make well-informed decisions that align with their values. Our Responsible Investing Portfolio, for instance, uses both the MSCI ESG rating and the Morningstar Sustainability Rating to provide an average of the two scoring models, offering environmentally conscious investors better visibility into their portfolios.
INVESTING IN THE FUTURE OF CLEANTECH
Thematic investing in environmental tech is another way to invest in companies that help shape a cleaner and greener world. While ESG investing looks at a broad range of companies across industries and considers additional factors like diversity and social responsibility, thematic investing can focus specifically on the environment industry, from renewable energy to smart grids and waste management technologies. The environment tech sector is expected to see significant growth in the coming years, driven by net-zero emissions goals by governments around the world and technological advancements. Take clean energy for example – the International Energy Agency found that global clean energy investment has increased by nearly 50% from 2019 to 2023, reaching USD $1.8 trillion last year. In the Middle East region, countries have pledged to add 62GW of renewable energy capacity over the next five years – a pace of growth that is more than three times the previous five-year period.
As advancements in AI take the world by storm and drive energy consumption, the need to invest and build up our renewable energy capacity will likely only accelerate further. Investing in such cleantech sectors allows investors to not just make a positive impact on our planet and societies, but also diversify their portfolio with exposure to technologies with high-growth potential.
RESPONSIBLE INVESTING THAT SUITS YOUR PERSONAL GOALS
We’ve discussed the different ways to invest with sustainability in mind, and how such environmentally responsible investments don’t have to come at the expense of long-term returns. Even so, how each individual approaches sustainable investing will still depend on your financial goals and risk appetite (as always!). For those just starting their financial journey, consider a well-diversified portfolio optimized for both performance and ESG. Building such a core investment portfolio as a foundation can help you work towards long-term financial goals, such as saving for retirement. On the other hand, investors ready to diversify further and gain greater exposure to new sectors can look at thematic portfolios with a focus on environment and cleantech. Whichever path you choose, it’s clear that sustainable investing can balance both profit and purpose, while staying in alignment with your financial goals.
-
Tech News2 months ago
Denodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
Tech Interviews6 months ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Features3 months ago
Security in the Cloud Age: Combating Risks with Hybrid Cloud Solutions
-
Tech Features3 months ago
The Middle East to Lead with Next-generation Mission Critical Communication Advancement
-
Tech News6 months ago
Brighton College Abu Dhabi and Brighton College Al Ain Donate 954 IT Devices in Support of ‘Donate Your Own Device’ Campaign
-
Automotive6 months ago
Al-Futtaim Automotive Builds On 23-Year Legacy of Trust & Leadership in UAE’s Pre-Owned Car Market to Sell Over 25,000 Used Vehicles in 2023
-
Tech Features7 months ago
How Telecommunications Providers Can Best Tackle DDoS Attacks
-
Tech News9 months ago
Senet enters MENA’s Competitive Gaming Scene with ‘skill-to-earn’ Platform