Combating cybercrime cannot be done with technology alone, but requires a service model that prioritises intelligence, sharing and using technology to support this, says VENIAMIN LEVTSOV, Vice President, Enterprise Business, Kaspersky Lab.
There is a change in the corporate IT Security industry. Many believe it is driven by the ever-changing threat landscape and the urgency a business experiences during a targeted attack.
However, many companies become a victim of a successful cyberattack these days – and not because of some major breakthrough on the cybercriminal front. In fact, it’s the quantity, not quality of threats that is growing; and this, together with the complexity of corporate infrastructure as well as the lack of security intelligence, which makes businesses vulnerable. As a result, addressing these challenges requires a major perception change by both businesses and security vendors. We believe that technology alone is not able to solve all corporate IT security troubles. What is required is a service model that prioritises intelligence sharing, and uses technology to support this.
Kaspersky Lab rolled out its first security products for businesses more than 15 years ago. That era was the golden age of traditional threat prevention products. Highly sophisticated campaigns like Stuxnet or The Equation did exist back then, but they remained invisible at the time, and it was possible to detect and block the majority of old-school malicious programmes. Despite all of this, a one-size-fits-all solution never existed in our industry. Every now and then we had to deal with a new attack, we had to adjust the various peculiarities of how our products interacted with corporate infrastructure, and we had to change our protection accordingly.
Eventually, the customisation of technology for businesses evolved into consulting on security strategy. Companies were happy if they were able to purchase a security solution to solve all their troubles, but that was no longer enough. Every day businesses face new challenges: mobility, cloud services and infrastructure, and social engineering, to name a few. New technologies like legal apps, for example, can now become part of complex multicomponent attack – and the traditional endpoint security approach does not work for this at all.
Our customers came to us and asked for a solution. But is it even possible to solve every corporate security challenge with new technology? Is there a definitive solution to prevent an employer from opening a suspicious e-mail attachment? Could we address, even with the most sophisticated know-how, all vulnerabilities in hardware and software, taking into account the numerous possible combinations? Two years ago we understood the need to find a way to deliver this intelligence to our clients in an actionable form.
Security is best understood as a process, and every company out there deals with four distinct, universal phases of it. Threat prevention is the better understood phase, and is mostly covered by technology: you have to block each and every one of the generic threats that are emerging at a rate of 310,000 a day.
Detection of sophisticated and targeted attacks is more complex: it requires advanced tools and expertise, but more importantly, this requires time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat. The latter is covered by threat response, where the unique skills of forensic experts are needed the most.
Finally, the prediction of future attacks, and understanding the attack surface, defines the long-term strategic defense capabilities of a company. This is done through running penetration testing and other kinds of security assessment. We have found that non-IT tools – like security awareness campaigns delivered in a game format – can be more influential on employees than security policies or annoying wall posters.
Today a security officer and his team has to pursue all four phases simultaneously and each requires a unique set of skills. Mitigating the future threats means regular security assessment, training employees on general security hygiene, and the analysis of current and future attack methods. Detection is all about identifying anomalies in a regular corporate workflow, covering web, e-mail, network traffic and observing corporate user behaviour. Response is all about localising the incident and closing the initial attack vector.
It’s painstakingly hard to develop this kind of expertise in-house. It’s expensive too, and most times only larger enterprises can afford it. Another serious issue faces businesses that invest in an advanced training programme for their internal security experts. Experts are just people, and it’s natural for them to start looking around for a better job offer if training has increased their market value. There is no universal tactic to keep experts inside a company, other than to continuously raise their salaries. In these circumstances it seems much more reasonable to use an external service from a professional IT security consultant or global player. As a security vendor, we have grown a network of experts around the world with all the necessary skills. The question is how we share this expertise with our clients.
The service model is the only viable solution here. The service model prioritises the real problems of a company and applies the most appropriate measures to solve it. Our services start with online and on premise training programmes for employees and IT specialists, mostly based on the knowledge gathered in our virus lab and emergency response teams in digital forensic and malware analysis. In fact, we let some external frameworks to leave the lab room and start serving our customers. Predicting future attacks means knowing how other companies were hacked, and this is covered by extensive and actionable threat reports. The detection of targeted assaults, and the prevention of dangerous widespread attacks requires a technology and expertise-as-a-service, often a combination of both.
The service model is always focused on solving one security challenge at a time, in a form that is understandable for businesses. On the high level it’s just someone taking responsibility for solving a problem and assuming all corresponding risks. This is a complex model, but we believe it’s the only solution that actually works. The good old approach – when a security vendor could just ship a product license key though the channel and return in a year for renewal – is disappearing very fast.
Empowering a partner network
The model raises questions about how you can share your vast, but not infinite, expert resources with all of your customers around the world, whilst keeping up with response time commitments. Our business has always relied on our partner network and that’s not going to change. It’s not possible to save the world by yourself. We share our expertise with our partners, who in turn gain more capabilities to help their clients. This is especially important for incident response: often this service requires a specialist to start collecting crucial data on premise as fast as possible. Without partners operating locally in every country this would be impossible. The role of a service vendor here is to provide a general investigation framework and tool set.
Although we are taking a step towards the security services area, we are staying in the vendor camp. We still perceive our main role as the producer of effective software solutions, which become the tools for our partners to provide their own services across the globe.
We also see huge potential in delivering the Threat Intelligence to Managed Security Service Providers. This could be useful in different forms including threat data feeds, customer specific reports or notifications about suspicious criminal activity targeting a customer’s IT assets. This model is capable of protecting smaller businesses, who also frequently become victims of targeted attacks, during attempts to infiltrate larger companies.
Thanks to efforts from the industry and our customer demands, in the future we will find ourselves in a much more protected environment, where all flavours of security intelligence are easily accessible. After all, cybersecurity is not about computer algorithms fighting each other. On the other side there are people with malicious intent, tools and knowledge. To protect businesses from them, it is essential to have the right combination of experienced external and internal people, together with a high level of trust, shared intelligence and reliable technology.
Huawei goes ultra-premium
Porsche Design and Huawei have launched the Porsche Design Huawei Mate RS in South Africa exclusive to MTN and retailing for R 26 459.
The Porsche Design Huawei Mate RS boasts features like the world’s first dual fingerprint design, including an in-screen fingerprint sensor, the world’s first Artificial Intelligence (AI) processor and Leica triple camera with 40MP image capture.
“After the overwhelming success of the Porsche Design Huawei Mate 10 Pro in South Africa, we now bring you our latest offering, a perfect blend of innovation in a smartphone and luxury design,” said Likun Zhao, Vice President of Huawei Consumer Business Group Southern Africa. “From three-point security feature including facial recognition, rear fingerprint scanner and the new innovative in-screen fingerprint to the Leica triple camera system. it culminates in an unprecedented experience for our customers.”
The device incorporates Porsche Design’s signature design language and Huawei’s breakthrough technology. The phone has a 6” 2K curved OLED screen and symmetrical look, minimalist feel and 8-edged 3D curved glass body.
High performance is symbolised by the naming of the smartphone: the term “RS” in the world of Porsche motorsport stands for outstanding racing performance.
Huawei provided the following information on The Porsche Design Huawei Mate RS benefits and features :
· The world’s first dual fingerprint scanner for enhanced convenience, allowing users to wake and unlock the device simply, thanks to an in-screen fingerprint sensor. Hover to wake the device, touch to unlock it
· The winning combination of Leica triple camera with 40MP RGB sensor technology and exceptional photography powered by Master AI. This combination puts effortless, eye-catching photography at the fingertips of those looking to immortalise their favourite moments. Combined with 5 x hybrid zoom, and the world’s first AI image stabilisation on a smartphone camera ensures photography lovers can capture the best shots with exceptional clarity in almost any situation
· The Porsche Design Huawei Mate RS is the first Huawei handset to allow quick wireless charging, making it even easier to keep the phone topped up and ready to go and, thanks to its long lasting battery, users will easily be powered through the busiest of days
· An ‘intelligent’ smartphone, the powerful AI processor automatically tailors the performance of the phone according to how it is used – constantly learning, understanding and anticipating needs, it is the perfect personal assistant for the pocket
· 256GB of internal storage means those constantly on the go and constantly on their phone can be worry free
· Dual SLS (super linear system) speakers with DOLBY ATMOS enable users to have a superior experience, with the best immersive surround sound and entertainment on the go
· Splash, water and dust resistant, which means there is no need to worry about damaging the device in the rain or accidentally dropping it in water
Jan Becker, CEO Porsche Design Group, said: “Both Porsche Design and Huawei seek to imagine and develop products that stand for precision and perfection, intelligent functionality and highly sophisticated design. Our aim was to create an outstanding device that goes one step further. We believe we have reached this goal by taking our partnership to the next level.”
Porsche Design and Huawei have worked in tandem to develop a smartphone that fuses together the two brands’ DNA, wealth of experience in design and technology, industry-leading expertise and exceptional performance. Through the use of colour in the device’s body, software themes and accessories, the new handset is accentuated with Porsche Design’s distinguished aesthetic and purist, minimalist feel.
The Porsche Design Huawei Mate RS will be available to purchase exclusively from MTN at R 26 459.
Cross-channel chat launched
Clickatell has launched a cross-channel live chat service, Touch Go, that transforms omni-channel customer care.
It enables live chat across a company’s website as well as social platforms (Twitter and Facebook) and mobile apps, bringing customer care and engagement into a single business platform.
“Today’s consumers expect to engage with your brand on the digital channel of their choosing,” says Deon van Heerden, Clickatell Engage CEO and Group CFO. “They want to message your business and instantly have queries resolved, find the information and services they are looking for, without the need for a voice call. Clickatell’s Touch Go makes that happen with the right level of capabilities for businesses of all sizes.”
Businesses can start using Touch Go immediately, with a free Starter option. Touch Go requires no credit card for sign-up and is fully featured with a simple setup process. It offers customisable branding, a unified chat desk business application as well as reports and analytics.
As the business scales up its digital customer care, it can opt-in for the Touch Enterprise offering. Touch Enterprise is designed for scaling up customer care efforts through advanced capabilities including AI driven virtual agents, sentiment analysis, automated workflows, enterprise integrations and in-channel mini-applications.
“Customer care has become a defining factor for sustained business success ” says Nirmal Nair, Clickatell Engage EVP Product & Marketing. “In an ever-increasing mobile native world, customers often choose to interact digitally, but they also expect to be able to reach a human immediately, should they need. Monitoring multiple channels and providing immediate action becomes challenging with siloed deployments. Touch’s unified solution allows businesses of all sizes to provide the customer delight in a simple modular approach.”