
Keeping off DDOS attacks


Enterprise businesses have been facing rising DDoS attacks in terms of size, complexity and frequency, which calls for a multi-layered approach.

Distributed denial-of-service (DDoS) attacks are a strategy frequently used by cyber criminals to disrupt businesses. The impact of a DDoS attack can be quite disastrous for a company’s business. It is executed by using any available devices with an IP address to send a traffic overload to a targeted network. The targeted network’s systems are unable to accommodate the web traffic that is being directed at them and go down. As this is one of the prominent areas of an ever-evolving landscape of cyber security threats, the need for advanced detection and mitigation solutions for DDoS is critical.

Mahmoud Samy, Regional Director, ME R CIS at Arbor, the security division of NETSCOUT, says, “When you talk to CIOs, CTOs etc., they are unanimous that DDoS is one aspect they cannot compromise on. That is because a DDoS attack affects a company’s financials, reputation, credibility of service etc. While there may still be time taken to mull over other security aspects and strategies, as far as DDoS protection is concerned, you have to be ready to thwart potential DDoS attacks from day one. Hence there cannot be any compromise. It has to be a top-of-the-list priority.”

Global DDoS attack data for the first six months of 2016 shows a continuing escalation in both the size and frequency of attacks, according to data gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas.

In recent years, enterprise businesses have been facing rising DDoS attacks in terms of size, complexity and frequency. With DDoS tools available for free download or purchase online, almost anyone with minimal technical skills can pull off an attack on a target’s web assets. However, there could in fact be a variety of reasons behind a DDoS attack, and these could also include diversionary tactics.

Mahmoud says, “Success could be 100% from a DDoS attack on an organization that doesn’t have the protection. Protection has to be in place before an event. Attackers can reach their objectives in no time if there is no protection. There are also simple do-it-yourself DDoS attacks available on the Internet, which makes it easier to launch DDoS attacks.”

He adds, “The attacks could come with a different look and feel. They could be volumetric attacks, application attacks or exhausting attacks. A volumetric attack is a flood of traffic targeted at a destination, whereas application attacks target a specific application to take it down. Exhausting attacks target security devices – they try to convert the devices that are meant to defend into launching attacks or being the gateway for attacks. Some attacks can be a combination of the three.”

Chris Gale, EMEA Partner Director at A10 Networks, opines that these attacks could arise from hit-and-run strategies orchestrated by untrained individuals or hackers.

According to him, “Considering these attacks are typically the least organized, and pulled off by the least technical individuals, they are the easiest to prevent. Unskilled troublemakers typically will use a paid service to pull off the attacks, making it costly to sustain long-term. By optimizing your network configuration, and utilizing technology with robust load balancing capabilities, the risks posed by these attacks are greatly minimized.”

The attacks could also have origins in political protests or could even be traced to competitors looking to hurt the financials of the company. A DDoS attack may also be a diversionary tactic that keeps the attention of IT staff on DDoS-related mitigation while the cyber criminals execute a more serious incursion into the network.

Chris opines that the fact that a DDoS attack is being used as a smokescreen for a larger security incident is often not realized until it’s too late. The best defense, therefore, is to ensure that all normal cybersecurity processes continue in the wake of an attack and never to assume the worst is over. Finally, the origin of the attack may also lie in an effort to extract ransom from businesses that can’t afford downtime on their systems for protracted periods.

In the era of IoT devices, the threat factor is manifold. The most recent instance is the DDoS attack last month against Dyn, a New Hampshire-based company that hosts DNS zones for many companies. The DDoS attack used the Mirai botnet, which consists of thousands of compromised “Internet of Things” devices, including IP cameras and digital video recorders. The DDoS attack sent enormous volumes of traffic (most of it not DNS) to Dyn’s name servers, overwhelming them and rendering them unable to respond to legitimate queries. The result was that many of Dyn’s customers were unreachable from the Internet, including high-profile companies such as Twitter, Amazon, Netflix and Reddit.

Providing an insight into what enterprises in the Middle East can do to withstand such an attack, Cherif Sleiman, Managing Director, Middle East and Africa at Infoblox, says, “Infoblox’s best practices recommend using a combination of on-premises appliances and a DNS hosting provider to support external authoritative name service. A customer following this recommendation would have withstood the attack against Dyn, as their on-premises authoritative name servers would have been accessible throughout the attack.”

Cherif adds, “Infoblox provides the instrumentation and capabilities underneath the network intelligence where we can uncover insights across your network, security, datacenter layers and the cloud. We are trying to reduce the latency between the time it takes to discover something is amiss and the action that solves the issue.”

In the region, Telecom providers are also playing a significant role in ensuring DDoS protection and driving awareness in their role as MSSPs.

“Service providers are also helping promote the role of DDoS security and they are selling it as a managed service. They have to ensure that their major customers are protected; otherwise the problems could multiply. We have partnered with service providers including Etisalat, STC and du who use our solutions and they are in turn providing DDoS solutions as managed services to the enterprise market, including key verticals such as the financial sector, oil & gas, government sector etc.,” says Arbor’s Mahmoud.

Research Team (ASERT) and reportedly, LizardStresser, an IoT botnet was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. In this case, according to ASERT, the attack packets do not appear to be from spoofed source addresses – and no UDP (User Datagram Protocol) based amplification protocols such as NTP (Network Time Protocol) or SNMP were used.

The ASERT report documented that a majority of recent large attacks leverage the reflection amplification technique using DNS servers, NTP, Chargen and Simple Service Discovery Protocol (SSDP). DNS is currently seen as the most prevalent protocol used in 2016 and, adding more cause for concern, the average size of DNS reflection amplification attacks has been growing. Further, while even a 1 Gbps DDoS attack is arguably enough to take most organizations completely offline, the average attack size in 1H 2016 had reached 986Mbps, showing a 30% increase over 2015, and is projected to be 1.15Gbps by the end of 2016.
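As an added illustration (not part of the original article or of any vendor's product), the sketch below shows how a defender could spot the reflection amplification pattern described above in flow records: unsolicited UDP replies arriving from the service ports of DNS, NTP, Chargen or SSDP. The `Flow` record layout, the thresholds and the sample flows are assumptions constructed for this example.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):          # hypothetical flow-record layout
    ts: int                      # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                   # "udp" or "tcp"
    nbytes: int

# UDP service ports of the reflector protocols named in the article.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 19: "Chargen", 1900: "SSDP"}

def detect_reflection(flows, protected, window_s=60,
                      min_bps=1_000_000, min_sources=3):
    """Flag windows where a protected host receives unsolicited replies
    from reflector ports, from many sources, above a rate threshold.
    Thresholds are illustrative assumptions, not recommended values."""
    asked = set()   # (local, remote, port) pairs the host queried itself
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto != "udp":
            continue
        if f.src in protected and f.dport in REFLECTOR_PORTS:
            asked.add((f.src, f.dst, f.dport))      # genuine outbound query
        elif f.dst in protected and f.sport in REFLECTOR_PORTS:
            if (f.dst, f.src, f.sport) in asked:
                continue                            # solicited reply: ignore
            key = (f.ts // window_s * window_s, f.dst, f.sport)
            buckets[key]["bytes"] += f.nbytes
            buckets[key]["sources"].add(f.src)
    alerts = []
    for (start, dst, port), b in sorted(buckets.items()):
        bps = b["bytes"] * 8 // window_s
        if bps >= min_bps and len(b["sources"]) >= min_sources:
            alerts.append({"window_start": start, "target": dst,
                           "protocol": REFLECTOR_PORTS[port],
                           "bps": bps, "sources": len(b["sources"])})
    return alerts

# Constructed sample data using documentation address ranges.
HOST = "203.0.113.10"
SAMPLE_FLOWS = (
    # Normal DNS lookup by the protected host and its solicited reply.
    [Flow(1, HOST, 40000, "198.51.100.53", 53, "udp", 80),
     Flow(2, "198.51.100.53", 53, HOST, 40000, "udp", 512),
     # One small stray DNS reply: unsolicited but far below the thresholds.
     Flow(5, "192.0.2.99", 53, HOST, 41000, "udp", 400),
     # TCP traffic is out of scope for this check.
     Flow(6, "192.0.2.50", 53, HOST, 42000, "tcp", 9_000_000)]
    # Window 0: large unsolicited NTP replies from four sources.
    + [Flow(10, f"198.51.100.{i}", 123, HOST, 50000, "udp", 3_000_000)
       for i in range(1, 5)]
    # Window 60: large unsolicited DNS replies from three sources.
    + [Flow(70, f"192.0.2.{i}", 53, HOST, 50001, "udp", 2_500_000)
       for i in range(1, 4)]
)

if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS, {HOST}):
        print(alert)
```

Tracking which replies were actually solicited keeps a host's own DNS or NTP lookups from raising alerts, while the source-count threshold separates a single chatty server from many reflectors answering one spoofed requester.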

Since the range of attacks is quite varied, from high bandwidth to as low as 1 Gbps, the need is for a hybrid, or multi-layer, DDoS defense. According to Darren Anstee, Arbor Networks Chief Security Technologist, high-bandwidth attacks are best mitigated in the cloud, away from the intended target. However, 80% of all attacks are still less than 1Gbps and 90% last less than one hour; on-premise protection therefore provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.

To protect against volumetric floods of data, a key identifier of a DDoS attack, A10 Networks offers Threat Protect System (TPS) appliances and has recently unveiled the latest edition of these products.

According to Adil Baghir, Sr. Systems Engineer at A10 Networks, many of the available solutions are arguably limited in terms of DDoS mitigation performance, and A10 Networks is seeking to address these shortcomings with its latest TPS. The manufacturer’s new group of TPS appliances, unveiled in October, provides up to 300 Gbps of DDoS protection in a single box. The top-end device is the new Thunder 14045, which is a 3 RU (rack unit) appliance powered by four 18-core Intel Xeon processors.

Adil adds, “Many existing solutions introduce high latency into the networks and also offer very limited deployment options. We are addressing these issues with our latest launch in October of the new TPS appliances, which offer the fastest DDoS mitigation solution, offering from 1 Gbps to 300 Gbps throughput DDoS mitigation.”

While more awareness is building up in the market about the evolving nature of DDoS threats, more companies in the region could look into having the right solutions in place. The role of the channel in driving awareness goes hand in hand with vendors who have been at the forefront of DDoS technologies.

Mahmoud adds, “The awareness in the market about DDoS is getting better compared to 4-5 years ago. Arbor has been educating the market regarding DDoS threats for nearly 15 years now. In the early years, no one else was talking of DDoS but that has changed in the past few years. Almost every CIO is talking about it, which goes to prove that the awareness is now a lot better.”

Finally, a multi-layered approach is key to having the best chance of staving off such attacks. A no-compromise approach should be the mantra for securing effectively against DDoS attacks.

 


HOW FSI INCUMBENTS CAN STAY RELEVANT THROUGH THE GCC’S PAYMENTS EVOLUTION


By Luka Celic, Head of Payments Architecture – MENA, Endava

Banks and payment services providers (PSPs) have been the region’s engines of economic growth for as long as anyone can remember. It is therefore jarring to imagine that this dominance is now under threat. After all, venerable banks and credit card companies have elegantly embraced the Internet, mobile banking, and the cloud to deliver self service banking to millions of customers. But consumers, especially digital natives, have never been known for congratulating an industry for a job well done. Instead, with each convenience, their expectations only grow. The siege reality of the pandemic accelerated a shift in consumer behaviour, and Middle East banks and PSPs now face challenges on three fronts.

The first is FinTechs. From Saudi Arabia’s BNPL (buy now, pay later) pioneer Tamara and Qatar’s unbanked-oriented platform cwallet to online financial services firm Klarna, tech startups have been able to tap into rapidly changing consumer markets. New companies find it easier to pivot. And like speed boats racing against aircraft carriers, they weaved effortlessly to fulfil a range of desires amid high smartphone connectivity rates and a range of other favourable market conditions. By one estimate from 2022, BNPL alone accounted for US$1.5 billion (or 4%) of the Middle East and Africa’s online retail market.

The second threat is open banking, which comes in many forms, but one example is the instant-payments platforms being introduced by central banks such as those in Saudi Arabia and the United Arab Emirates. To get a sense of how this could play out, we need only look to Europe, where players who once relied on payments through card schemes are now pivoting towards open banking enabled payments. Closer to home, Al Ansari Exchange recently announced its customers can now transfer money and settle bills via the recipient’s mobile number, enabled by the UAE’s Aani IPP.

And finally comes big tech. To augment its e-wallet service, Apple has signed up to an open banking service in the UK. The open banking framework which banks enabled through their investments is being exploited by a Big Tech firm that has access to 34% of UK smartphone users. Unsurprisingly, this sparked a fierce antitrust complaint by the UK’s banks. Other big names will surely follow as they continue to craft ways of offering the digital experiences that garnered them user loyalty in the first place.

THE BALANCE

Apple Wallet is aimed at blending payment methods, loyalty cards, and other services into a single experience. But such moves have raised regulators’ eyebrows regarding a lack of interoperability and the preservation of competitive markets. Hence, Apple’s open banking foray — a gesture to calm the nerves of a finance market that fears having to compete with a company armed with countless millions of user transactions from which to draw insights. The massive user bases of tech giants will give any FSI CEO goosebumps. How does a traditional bank lure an Apple user? Open banking initiatives open the door to greater competition and innovation, both of which are good for consumers. But the only way to ensure both is by building an ecosystem that balances innovation with regulatory oversight.

FROM INCUMBENT TO INNOVATOR

Yes, smaller businesses have freedom of movement that larger incumbents do not. But that does not mean that there are no paths for banks and PSPs. There are, in fact, several strategies that larger FSI companies can employ to capitalise on the open banking revolution.

The first of these is collaborating to create ecosystems that provide users with frictionless experiences. Established FSIs already have access to a wealth of information about their customers and must now consider how to integrate data sources to create highly streamlined and frictionless workflows. A customer applying for a loan could then see their details auto-populated and their credit history already accounted for, all without the hassle of lengthy phone calls, application forms, or submission requests. In an age when instant is everything, it’s easy to see why the former approach could foster loyalty, while the latter would only serve to drive customers towards more capable competitors.

Card companies and issuer banks could also work with acquirers to smooth out the rough landscape that has arisen from the advent of digital payments. Acquirers traditionally acted on behalf of the merchants that accepted payment methods to recoup funds from the PSP through the issuing bank. This system has served the industry well, but with more payment methods emerging, acquirers have branched out into mobile wallets, QR codes, and gateway services. Gradually the relevance of established players has dwindled as their lack of representation at the critical checkpoint has diminished their significance. Incumbents must work to turn back the tide by recognising that acceptance and acceptance ownership are becoming increasingly important for maintaining market relevance.

Another strategy is diversification. Veteran FSIs may feel like they’ve lost ground to nimble start-ups and Neo Banks, but history shows value in patience — established FSI players now benefit from the investments of early innovators, and double down on payments innovations which have already shown the most promise. Moreover, if they diversify their portfolios through acquisitions, innovations, and partnerships, they can secure their future. Mastercard presents an excellent example with their US$200m investment into MTM payments. This single move has given the company access to MTM’s 290 million strong subscriber base, allowing these customers to become familiar with Mastercard products before getting entrenched with mobile wallet alternatives.

WHO’S ON TOP?

If we look at the rise of BNPL services, we see an origin story with — at least — major supporting roles for large card providers. But open banking has sidelined them in just a few years. BlackBerry was a stock market darling just five years before it sought a buyer. Traditional FSI players must innovate; they must collaborate with emerging disruptors; they must diversify. They can survive and thrive if they do these things — after all, they already have much of the infrastructure, and experience required for success. Middle East banks and PSPs have the existing user bases, so they have the scale to get out in front in the era of open banking. All they lack is the kind of compelling use cases that will entice the banking public. PSPs and their issuers could offer embedded payments, for example. The right services at the right time will be warmly received by consumers, no matter the scale of the offering institution, so there is every reason to believe that incumbents will come out on top against FinTech and Big Tech.


SEC paves way to approve spot ethereum ETFs


By Simon Peters, Crypto Analyst at eToro

Ethereum spot ETFs took a significant step forward to being available to US investors last week with approval of the 19b-4 applications, allowing US exchanges (namely Cboe BZX, NYSE Arca and Nasdaq) to list and trade ethereum spot ETFs.

On the back of this, ethereum has been one of the best performing cryptoassets this week, gaining 19%.

According to a recent survey by eToro with retail investors in the UAE, over 74% of respondents agreed that the prospect of an ethereum ETF will significantly influence their decision to increase, decrease or maintain their current ethereum allocation.

Focus now turns to the S-1 registration statements from the ETF issuers, as these still need to be approved by the SEC before the ethereum spot ETFs can actually launch and investors can buy them.

As to when the S-1s will be approved we have to wait and see. It could be weeks or months unfortunately.

Nevertheless, with the 19b-4s out of the way, it could be an opportunity now for savvy crypto investors to buy ethereum in anticipation of the S-1s being approved, frontrunning the ETFs going live and the billions of dollars potentially flowing into these.

We’ve seen what happened when the bitcoin spot ETFs went live, with the bitcoin price going to a new all-time high in the months after. Could the same happen with ethereum? The all-time high for ethereum is $4870, set back in 2021. We’re currently at $3650, about 35% away.

We’re also going into a macroeconomic climate with potentially looser financial conditions, i.e. interest rate cuts and a slowdown of quantitative tightening, conditions where risk assets such as crypto tend to perform well price-wise.


Harnessing AI and big data to transform Middle East’s retail industry landscape


unifonic

By Saeed Alajou, Senior Sales Director, Enterprise Business

With the increasing dominance of technological advancements in the current era, the global retail industry is witnessing a massive shift in its operations. As the industry embraces a varied range of cutting-edge technologies such as artificial intelligence (AI) and big data analytics, it is redefining customer expectations and the conventional concepts of business operations. According to recent studies, the global artificial intelligence (AI) in retail market size is projected to grow from $9.36 billion in 2024 to $85.07 billion by 2032, at a CAGR of 31.8% from 2024 to 2032. This transformative wave is compelling companies to harness the potential of these cutting-edge technologies to maintain their competitive edge.

One of the most evident trends in this era is the convergence of eCommerce, AI and data analytics, which is driving the evolution of the retail landscape worldwide. In the current omnichannel retail landscape, consumers expect consistency and continuity across various touchpoints, pushing industry players to integrate conversational AI. This integration ensures a seamless experience; for example, customers can begin a conversation with a chatbot while browsing online and effortlessly continue it via a mobile app when they visit a physical store.

However, the potential of the omnichannel approach and conversational AI platforms is not limited to supporting customers. They also provide retailers with valuable insights into customer behaviour across different channels. Conversational AI platforms can generate a vast amount of data from customer interactions, offering retailers valuable insights into consumer preferences, trends, and pain points. By analysing this data, retailers can uncover patterns, identify emerging trends, and optimise their product offerings and marketing strategies accordingly.

Furthermore, AI-driven analytics enable retailers to gauge customer sentiment, allowing them to address issues and enhance satisfaction proactively. These data-driven insights empower retailers to make informed decisions and stay ahead of the curve. Reflecting the vast potential of AI, the retail sector in the Middle East is rapidly adopting this technology, becoming a leading industry in AI investment. Reports indicate that AI spending in the Middle East and Africa (MEA) reached USD 3 billion and is expected to grow to USD 6.4 billion by 2026, with a compound annual growth rate (CAGR) of 29.7 per cent.

The innovation of chatbots and virtual assistants has accelerated the integration of AI technologies in retail, revolutionising customer interactions by adding a human-like touch to digital engagements. These tools enhance the purchasing journey, making it more intuitive and responsive, providing customised and real-time recommendations based on consumer sentiment. However, retailers need to manage expectations of scalability and ensure AI complements rather than replaces human interactions.

Furthermore, integrating big data into retail operations helps understand customer behaviour and preferences. Retailers can leverage vast amounts of data to gain insights into customer needs and tailor their offerings accordingly. By analysing customer-generated data, businesses can conduct predictive analysis to anticipate trends and make informed decisions, keeping them ahead of the curve in offering products and services that resonate with their target audience.

When it comes to the impact of AI integration in the retail sector, one key segment where it is significantly visible is the supply chain. By integrating big data analytics, retailers are achieving more efficiency in their supply chain operations. Predictive analytics powered by AI aids in forecasting demand, optimising inventory levels, reducing waste, and ensuring products are available when and where customers need them. This enhances operational efficiency and customer satisfaction by minimising stockouts and delays.

AI integration supports a customer-centric approach in retail, and it positions technology as a key facilitator in meeting customer demand. Advanced technologies can identify and replicate demographic needs and pinpoint where investment is required to add value. The integration of various AI tools, including price-matching technologies, pay-per-click advertising optimisation, and predictive analytics, helps retailers focus on perfecting the customer journey, ensuring a seamless and enjoyable experience from start to finish.

Although AI is widely embraced across the industry regardless of company size, delivering the best customer service requires empowering employees with the right tools and knowledge. When employees are equipped with AI-driven insights, they can provide more personalised and efficient service, enhancing the overall customer experience. This empowerment also promotes a culture of innovation and continuous improvement within the organization.

Additionally, data integration and integrity are crucial for the effectiveness of AI and big data. Retailers must implement systems that can integrate data from various sources, ensuring that all information is accurate, consistent, and up to date. This collaborative approach allows retailers to offer a unified brand experience across all channels while maintaining data boundaries and complying with privacy regulations.

This widespread adoption of AI technologies in the industry underscores the importance of establishing a robust and adaptable regulatory framework. Given the growing concerns about data privacy and ethical use, retailers must ensure responsible and secure handling of customer data. Stagnant regulations can lead to compliance issues and erode customer trust, and this necessitates current and customer-aligned regulations to maintain a trustworthy data environment.

Another challenge in AI integration is utilising AI and big data to experiment with new ideas and strategies. In retail, embracing calculated risks is crucial for innovation and growth, viewing risks as learning opportunities. Being responsive to evolving customer needs allows retailers to navigate uncertainties and capitalise on opportunities for success.

With AI projected to contribute up to USD 320 billion to the Middle East’s economy by 2030, the region is increasing its investment in technology. This emphasises the need for a holistic approach in retail, integrating AI, big data, and a customer-centric mindset to thrive in the market. The industry players can maintain their competitive edge by focusing on efficiency in supply chain operations, understanding consumer behaviour, and empowering employees.

Copyright © 2023 | The Integrator