Connect with us

Features

Keeping off DDOS attacks

Published

on

Enterprise Businesses have been facing rising DDOS attacks in terms of size, complexity and frequency which calls for a multi-layered approach

Distributed denial-of-service (DDoS) attacks, is seen as a frequently used strategy by cyber criminals in disrupting Businesses. The impact of a DDoS attack can be quite disastrous for a company’s Business. It is executed through all possible devices with an IP address to send a traffic overload to a targeted network. The targeted network’s system are unable to accommodate the web traffic that is being directed to it and goes down. As one of the prominent areas of an ever evolving landscape of cyber security threats, the need for Advanced detection and mitigation solutions for DDoS is quite critical.

Mahmoud Samy, Regional Director, ME R CIS at Arbor, the security division of NETSCOUT says, “When you talk to CIOs, CTOs etc, they are unanimous that DDOS is one aspect they cannot compromise with. That is because DDOS attack affects company’s financials, reputation, credibility of service etc. While there may still be time taken to mull over other security aspects and strategies, as far as DDOS protection is concerned, you have to be ready to thwart potential DDOS attacks from day one. Hence there cannot be any compromise. It has to be top of the list priority.”

Global DDoS attack data for the first six months of 2016 shows a continuing escalation in the both the size and frequency of attacks, according to data gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas.

In recent years, enterprise Businesses have been facing rising DDOS attacks in terms of size, complexity and frequency. With DDoS tools that are available for free downloads or purchase online, almost anyone with least technical skills can pull off an attack on a target’s web assets. However, there could in fact be a variety of reasons behind a DDoS attack and could also include diversionary tactics.

Mahmoud says, “Success could be 100% from a DDoS attack on an organization that doesn’t have the protection. Protection has to be in place before an event. Attackers can reach their objectives in no time, if there is no protection. There are also simple do it yourself DDoS attacks available on Internet which makes it is easier to launch DDoS attacks.”

He adds, “The attacks could come in different look and feel. They could be volumetric attacks, application attacks or exhausting attacks. Volumetric attack is a flood of traffic targeted to a destination whereas application attacks target a specific application to take it down. Exhausting attacks target security devices – they try and convert the devices that are meant to defend to launch attacks or be the gateway of attacks. Some attacks can be a combination of the three.”

Chris Gale, EMEA Partner Director at A10 Networks at A10 Networks opines these attacks could arise from hit and run strategies orchestrated by untrained individuals or hackers.

According to him, “Considering these attacks are typically the least organized, and pulled off by the least technical individuals, they are the easiest to prevent. Unskilled troublemakers typically will use a paid service to pull off the attacks, making it costly to sustain long-term. By optimizing your network configuration, and utilizing technology with robust load balancing capabilities, the risks posed by these attacks are greatly minimized.”

The attacks could also have origins in political protests or could be traced to even competitors looking to hurt the financials of the company. It may also be a diversionary tactic to sustain the attention of IT staff to the DDoS related mitigation while the cyber criminals execute a more serious incursion into the network.

Chris opines that the fact that a DDoS attack is being used as a smokescreen for a larger security incident is not realized until it’s too late. The best defense therefore is to ensure that all normal cybersecurity processes are continued in the wake of an attack and never assuming the worst is over. Finally, the origin of the attack may also lie in an effort at extracting ransom from Businesses that can’t afford downtime on their systems for protracted periods.

In the era of IoT devices, the threat factor is manifold. The most recent instance is the DDoS attack last month against Dyn, a New Hampshire-based company that hosts DNS zones for many companies. The DDoS attack used the Mirai botnet, which consists of thousands of compromised “Internet of Things” devices, including IP cameras and digital video recorders. The DDoS attack sent enormous volumes of traffic-most of it not DNS-to Dyn’s name servers, overwhelming them and rendering them unable to respond to legitimate queries. The result was that many of Dyn’s customers were unreachable from the Internet, including high-profile companies such as Twitter, Amazon, Netflix and Reddit.

Providing an insight into what enterprises in the Middle East can do to withstand such an attack, Cherif Sleiman, Managing Director, Middle East and Africa at Infoblox says, “Infoblox’s best practices recommend using a combination of on-premises appliances and a DNS hosting provider to support external authoritative name service. A customer following this recommendation would have withstood the attack against Dyn, as their on-premises authoritative name servers would have been accessible throughout the attack. ”

Cherif adds, “Infoblox provides the instrumentation and capabilities underneath the network intelligence where we can uncover insights across your network, security, datacenter layers and the cloud. We are trying to reduce the latency between the time it takes to discover something is amiss and the action that solves the issue.”

In the region, Telecom providers are also playing a significant role in ensuring DDoS protection and driving awareness in their role as MSSPs.

“Service providers are also helping promote the role of DDOS security and they are selling it as a managed service. They have to ensure that their major customers are protected; otherwise the problems could multiply. We have partnered with service providers including Etisalat, STC and du who use our solutions and they are in turn providing DDOS solutions as managed services to the enterprise market, including key verticals such as Financial sector, oil & gas, government sector etc, “says Arbor’s Mahmoud.

Research Team (ASERT) and reportedly, LizardStresser, an IoT botnet was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. In this case, according to ASERT, the attack packets do not appear to be from spoofed source addresses – and no UDP (User Datagram Protocol) based amplification protocols such as NTP (Network Time Protocol) or SNMP were used.

The ASERT report documented that a majority of recent large attacks leverage the Reflection amplification technique using DNS servers, NTP, Chargen and Simple Service Discovery Protocol (SSDP). DNS is currently seen as the most prevalent protocol used in 2016 and adding more cause for concern, the average size of DNS reflection amplification attacks has been growing. Further, while even a 1 Gbps DDoS attack is arguably enough to take most organizations completely off line, the average attack size in 1H 2016 had reached 986Mbps, showing a 30% increase over 2015 and is projected to be 1.15Gbps by end of 2016.

Since the range of attacks is quite varied, from high bandwidth to as low as 1 Gbps, the need is for a hybrid, or multi-layer DDoS defense. According to Darren Anstee, Arbor Networks Chief Security Technologist, high bandwidth attacks are best mitigated in the cloud, away from the intended target.  However, 80% of all attacks are still less than 1Gbps and 90% last less than one hour and therefore on-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.

Offering protection against volumetric flood of data, a key identifier of a DDoS attack, A10 Networks offers Threat Protect System (TPS) appliances and has recently unveiled the latest edition products.

According to Adil Baghir, Sr. Systems Engineer at A10 Networks, many of the available solutions are arguably limited in terms of DDoS mitigation performance and A10 Networks is seeking to address these shortcomings with its latest TPS. The manufacturer’s new group of TPS appliances unveiled in October, provides up to 300 Gbps of DDoS protection in a single box. The top-end device is the new Thunder 14045, which is a 3 RU (rack unit) appliance powered by four 18-core Intel Xeon processors.

Adil adds, “Many existing solutions introduce high latency into the networks and also offer very limited deployment options. We are addressing these issues with our latest launch October of the new TPS appliances which offer the fastest DDoS mitigation solution offering from 1 Gbps to 300 Gbps throughput DDoS mitigation.”

While more awareness is building up in the market about the evolving nature of DDoS threats, more companies in the region could look into having the right solutions in place. The role of the channel in driving awareness goes hand in hand with vendors who have been at the forefront of DDoS technologies.

Mahmoud adds, “The awareness in the market about DDoS is getting better compared to 4-5 years. Arbor has been educating the market regarding DDoS threats for nearly 15 years now. In the early years, no one else was talking of DDoS but that has changed in the past few years. Almost every CIO is talking about it which goes to prove that the awareness is now a lot better.”

Finally, a multi-layered approach is key to having the best chance against staving off such attacks. A no-compromise approach should be the mantra towards securing effectively against DDoS attacks.

 

Features

Building businesses that last: Lessons from Dubai’s Startup Ecosystem

Published

on

Culture Mapping

Dubai-based entrepreneurs and podcast hosts Konstantin Koloskov and Anastasia Davydova share lessons from 2024’s dynamic business landscape, exploring the power of collaboration, sustainable growth, and staying true to your vision amidst rapid change. Dubai in 2024 was a hub of energy and innovation, with startup founders raising capital, scaling rapidly, and embracing the city’s ever-changing landscape

As co-hosts of Culture Mapping, a podcast exploring the intersections of culture, entrepreneurship, and life in the UAE, we’ve had the privilege of looking at Dubai through a unique lens. Our conversations with inspiring guests—from startup founders to artists—have offered us fresh perspectives on the opportunities and challenges 2024 has brought.

At the same time, our collaboration on the podcast has been a powerful reminder of the strength found in partnerships. Beyond being co-hosts, we’re both entrepreneurs leading our own companies — Konstantin, the co-founder of Storm, a content studio, and Anastasia, the co-founder of Movingo, a relocation platform for businesses and talents moving to the UAE.

2024 was a challenging year for both of us, but it reinforced a key insight: the power of collaboration within teams and across industries and ventures. Supporting each other in our businesses while building the podcast together has opened new opportunities, sparked creative ideas, and brought energy to everything we do. We also saw This spirit of collaboration reflected in our podcast guests. Dubai in 2024 has been a hub of energy and innovation, with startup founders like those we interviewed raising capital, scaling rapidly, and embracing the city’s ever-changing landscape. Their stories reminded us how crucial it is to stay connected to a network of thinkers and doers who inspire and challenge you.

Key Lessons from 2024

  1. Stay Open to New Opportunities, But Don’t Lose Sight of Your Core Vision: One of our most memorable guests this year was Phillipo Minelli, a visionary artist who embodies this principle. While he sees the growing potential of the UAE and its flourishing art scene, he stays grounded in the values of his work. Phillipo reminded us that growth and opportunity mean little if they compromise your core mission or beliefs.
  2. Prioritize Sustainable Growth Over Short-Term Gains: Felix Erdman, a businessman featured on our podcast, is a shining example of this lesson. His approach to building wealth with a long-term perspective—eschewing fleeting trends and buzz-worthy ventures—was inspiring. His story reinforced what we’ve learned firsthand in our businesses: thoughtful, strategic growth is the foundation for lasting success.
  3. Collaboration Drives Innovation: Dubai’s vibrant, multicultural energy fosters collaboration in a way few places can. Whether it’s the three startup founders we interviewed—who shared how working with the right partners helped them scale—or the creative synergies we’ve experienced in our work, it’s clear that great things happen when ideas are shared and connections are made.

Looking Ahead to 2025

As we prepare for the New Year, we’re embracing the lessons of 2024 with a renewed focus on intentional growth. The global economic shifts have made us even more mindful of how we approach risk and investment. Innovation matters, but so does sustainability. To our fellow entrepreneurs, here’s the advice we’ll be taking with us into 2025:

  1. Keep an eye on new horizons, but stay true to your vision.
  2. Prioritize sustainable growth over chasing quick wins.
  3. Value collaboration—it’s a game-changer.

Dubai continues to be a city where ambition meets possibility, and we’re excited to see how it will evolve in the year ahead. For us, the focus is clear: building businesses that last, telling stories that matter, and embracing the power of collaboration to make it all possible.

Continue Reading

Features

The GCC Fintech Revolution: A Deep Dive into AI and Financial Literacy

Published

on

Financial Literacy

By Mo Ibrahim, Founder & CEO, Maly

The sheer volume of growth that the fintech industry in the region is experiencing is astounding. Driven by a solid regulatory framework that enables both small and big players to contribute to the region’s digital transformation, the UAE and KSA in particular are both making a strong mark as powerhouses of innovation in the larger fintech ecosystem. As a homegrown brand that is striving to make a mark in the tech sector, this is a very exciting time for us at Maly.

There are many key areas that have dominated the fintech scene this year and will continue to play a definitive role next year as well. AI and machine learning will continue to shape the future of finance, along with digital banking, payment landscapes, and public and private partnerships.

AI and machine learning have opened new opportunities for the sector, pushing boundaries of how it can augment customer service and collect data to help redefine financial services for consumers. At Maly, our aim is to seamlessly integrate artificial intelligence into our product offerings, enhancing both customer experience and operational efficiency. Born out of the vision to reduce the financial literacy gap in the region and empower people to improve their knowledge about concepts such as credit scores, interest rates and budget management, Maly is committed to helping customers set short- and long-term financial goals and achieving them by committing to better financial management.

There has been a lot of debate this year on how AI will replace humans eventually, but with fintech, AI has only enhanced and streamlined processes by helping reduce fraud and improving accuracy. At Maly, we are a step ahead of our competitors with our revolutionary tech stack, which is built and managed inhouse. By combining cutting-edge AI algorithms with a scalable, cloud-native architecture, Maly has created a platform that is not only robust but also highly adaptable to the diverse needs of the evolving fintech landscape.

As a tech-focused business, we are deeply investing in understanding the customer behavior and preferences of our target audience in order to customize their experience. With Maly, you can grow, spend, send, and track your money in the same app and make use of group payments features to split costs, simplify payments between friends and set up a Grow Plan for effortless saving.

According to the 2024 Financial Literacy Survey by Visa, 37 per cent of respondents spend as much as their income and 65 per cent want to improve their knowledge of savings and investments. With a year-on-year increase in the cost of living in the country, influenced by rents, petrol prices and other factors, it is becoming critical for residents to take measures to put a long-term savings plan in place and maintain a good quality of life.

Some of the biggest spenders in both the UAE and KSA are the millennials, and being a tech savvy generation, these customers put substantial focus on personalisation and customer experience. Keeping this in mind, we launched our AI-powered financial guide, Luna. With this service, customers can receive tailored plans and advice based on their financial requirements.

The fintech sector in the UAE and KSA is poised for continued growth, driven by supportive policies, technological innovation, and an appetite for digital transformation. Stakeholders, policymakers, and consumers alike must continue to support and engage with fintech innovators to ensure a dynamic and inclusive financial landscape in the Middle East. By fostering collaboration and embracing technological advancements, we can ensure that the benefits of this digital revolution are realized across all sectors of society.

Continue Reading

Features

The Technology and Processes Shaping the Hospitality Industry

Published

on

technology in hospitality

By – Dr. Sean Lochrie, Associate Professor at Heriot-Watt University Dubai

The hospitality industry has undergone a transformative journey shaped by integrating technology and innovative processes. Particularly in the UAE, a region known for its forward-thinking approach and desire to lead in luxury and service, the impact of these advancements is evident. In a highly competitive market catering to an international clientele with high expectations, embracing technology is beneficial and essential for sustained growth and success.

One of the most significant shifts in hospitality has been the digitisation of the guest experience. Today, digital tools enable a seamless experience from booking to check-out, often with a high degree of personalisation. Many hotels in the UAE use artificial intelligence (AI)-powered chatbots. For instance, Address Hotels and Resorts in Dubai leverages artificial intelligence (AI) for virtual concierge, which can provide an in-depth tour of the Address Downtown Hotel, spotlighting everything from luxurious rooms to gourmet dining and serene spa sanctuaries. Another example is the Ritz-Carlton, a hotel renowned for its exceptional service, which has embraced AI to elevate the guest experience. They introduced an AI-powered chatbot to streamline guest interactions and deliver personalised recommendations.

Many hotels also offer personalised mobile apps that allow guests to check in remotely, access room controls, and request services without interacting with staff directly. These apps are a single interface for managing everything from lighting and temperature to ordering room service. Such conveniences, luxuries just a few years ago, have become essential as guests seek contactless and streamlined interactions. This level of convenience is particularly valuable in the UAE, where the diversity of visitors necessitates quick and personalised communication.

AI and data analytics have transformed how hotels understand their guests and predict their preferences. For instance, by analysing data from previous stays, hotels can tailor their offerings to individual guests, ensuring that each visit is unique and memorable. This predictive capability enables hotels to surprise and delight their guests while optimising resource allocation. AI also plays a significant role in revenue management, allowing hotels to adjust room rates dynamically based on demand and occupancy levels. For instance, many hotels use AI-driven pricing strategies that analyse market trends and competitor pricing, adjusting room rates to maximise occupancy and revenue. Such proactive approaches help hotels stay competitive in a fluctuating market like Dubai, where tourism demand varies throughout the year.

Furthermore, blockchain technology, the foundation of cryptocurrencies like Bitcoin, offers transformative potential for hotel loyalty programs, enhancing security, interoperability, and user experience. With its decentralised ledger, blockchain secures guest information and transaction histories, significantly improving data integrity and privacy. Blockchain enables secure and transparent transactions, reducing the risk of fraud and enhancing data security, an essential consideration in the UAE, where high-end transactions are common. This protection bolsters guest trust in the program. Blockchain also supports interoperability, allowing loyalty points to be earned and redeemed across different hotels or chains, increasing rewards’ flexibility and value. This technology enables real-time, transparent transactions, letting guests track and use points without complex conversion processes. Many blockchain loyalty programs also use tokenised points, which can be traded or transferred, expanding their usability beyond hotel services.

The UAE’s hospitality industry is a beacon of innovation, continually embracing the latest technologies to enhance guest experience, improve efficiency, and drive sustainability. By integrating digital tools, AI, robotics, VR, and blockchain, UAE hotels and resorts are meeting the evolving expectations of modern travellers. These technologies streamline operations and create a memorable and differentiated experience that sets UAE hospitality apart globally. As technology continues to grow and evolve, so will the processes that define hospitality in the UAE, ensuring that this sector remains at the forefront of service, luxury, and innovation. For professionals and stakeholders in the hospitality industry, staying abreast of these advancements is crucial, as they not only influence day-to-day operations but also shape the future of hospitality in a rapidly changing world.

Continue Reading

Trending

Please enable JavaScript in your browser to complete this form.

Copyright © 2023 | The Integrator