Combating cybercrime cannot be done with technology alone, but requires a service model that prioritises intelligence, sharing and using technology to support this, says VENIAMIN LEVTSOV, Vice President, Enterprise Business, Kaspersky Lab.
There is a change in the corporate IT Security industry. Many believe it is driven by the ever-changing threat landscape and the urgency a business experiences during a targeted attack.
However, many companies become a victim of a successful cyberattack these days – and not because of some major breakthrough on the cybercriminal front. In fact, it’s the quantity, not quality of threats that is growing; and this, together with the complexity of corporate infrastructure as well as the lack of security intelligence, which makes businesses vulnerable. As a result, addressing these challenges requires a major perception change by both businesses and security vendors. We believe that technology alone is not able to solve all corporate IT security troubles. What is required is a service model that prioritises intelligence sharing, and uses technology to support this.
Kaspersky Lab rolled out its first security products for businesses more than 15 years ago. That era was the golden age of traditional threat prevention products. Highly sophisticated campaigns like Stuxnet or The Equation did exist back then, but they remained invisible at the time, and it was possible to detect and block the majority of old-school malicious programmes. Despite all of this, a one-size-fits-all solution never existed in our industry. Every now and then we had to deal with a new attack, we had to adjust the various peculiarities of how our products interacted with corporate infrastructure, and we had to change our protection accordingly.
Eventually, the customisation of technology for businesses evolved into consulting on security strategy. Companies were happy if they were able to purchase a security solution to solve all their troubles, but that was no longer enough. Every day businesses face new challenges: mobility, cloud services and infrastructure, and social engineering, to name a few. New technologies like legal apps, for example, can now become part of complex multicomponent attack – and the traditional endpoint security approach does not work for this at all.
Our customers came to us and asked for a solution. But is it even possible to solve every corporate security challenge with new technology? Is there a definitive solution to prevent an employer from opening a suspicious e-mail attachment? Could we address, even with the most sophisticated know-how, all vulnerabilities in hardware and software, taking into account the numerous possible combinations? Two years ago we understood the need to find a way to deliver this intelligence to our clients in an actionable form.
Security is best understood as a process, and every company out there deals with four distinct, universal phases of it. Threat prevention is the better understood phase, and is mostly covered by technology: you have to block each and every one of the generic threats that are emerging at a rate of 310,000 a day.
Detection of sophisticated and targeted attacks is more complex: it requires advanced tools and expertise, but more importantly, this requires time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat. The latter is covered by threat response, where the unique skills of forensic experts are needed the most.
Finally, the prediction of future attacks, and understanding the attack surface, defines the long-term strategic defense capabilities of a company. This is done through running penetration testing and other kinds of security assessment. We have found that non-IT tools – like security awareness campaigns delivered in a game format – can be more influential on employees than security policies or annoying wall posters.
Today a security officer and his team has to pursue all four phases simultaneously and each requires a unique set of skills. Mitigating the future threats means regular security assessment, training employees on general security hygiene, and the analysis of current and future attack methods. Detection is all about identifying anomalies in a regular corporate workflow, covering web, e-mail, network traffic and observing corporate user behaviour. Response is all about localising the incident and closing the initial attack vector.
It’s painstakingly hard to develop this kind of expertise in-house. It’s expensive too, and most times only larger enterprises can afford it. Another serious issue faces businesses that invest in an advanced training programme for their internal security experts. Experts are just people, and it’s natural for them to start looking around for a better job offer if training has increased their market value. There is no universal tactic to keep experts inside a company, other than to continuously raise their salaries. In these circumstances it seems much more reasonable to use an external service from a professional IT security consultant or global player. As a security vendor, we have grown a network of experts around the world with all the necessary skills. The question is how we share this expertise with our clients.
The service model is the only viable solution here. The service model prioritises the real problems of a company and applies the most appropriate measures to solve it. Our services start with online and on premise training programmes for employees and IT specialists, mostly based on the knowledge gathered in our virus lab and emergency response teams in digital forensic and malware analysis. In fact, we let some external frameworks to leave the lab room and start serving our customers. Predicting future attacks means knowing how other companies were hacked, and this is covered by extensive and actionable threat reports. The detection of targeted assaults, and the prevention of dangerous widespread attacks requires a technology and expertise-as-a-service, often a combination of both.
The service model is always focused on solving one security challenge at a time, in a form that is understandable for businesses. On the high level it’s just someone taking responsibility for solving a problem and assuming all corresponding risks. This is a complex model, but we believe it’s the only solution that actually works. The good old approach – when a security vendor could just ship a product license key though the channel and return in a year for renewal – is disappearing very fast.
Empowering a partner network
The model raises questions about how you can share your vast, but not infinite, expert resources with all of your customers around the world, whilst keeping up with response time commitments. Our business has always relied on our partner network and that’s not going to change. It’s not possible to save the world by yourself. We share our expertise with our partners, who in turn gain more capabilities to help their clients. This is especially important for incident response: often this service requires a specialist to start collecting crucial data on premise as fast as possible. Without partners operating locally in every country this would be impossible. The role of a service vendor here is to provide a general investigation framework and tool set.
Although we are taking a step towards the security services area, we are staying in the vendor camp. We still perceive our main role as the producer of effective software solutions, which become the tools for our partners to provide their own services across the globe.
We also see huge potential in delivering the Threat Intelligence to Managed Security Service Providers. This could be useful in different forms including threat data feeds, customer specific reports or notifications about suspicious criminal activity targeting a customer’s IT assets. This model is capable of protecting smaller businesses, who also frequently become victims of targeted attacks, during attempts to infiltrate larger companies.
Thanks to efforts from the industry and our customer demands, in the future we will find ourselves in a much more protected environment, where all flavours of security intelligence are easily accessible. After all, cybersecurity is not about computer algorithms fighting each other. On the other side there are people with malicious intent, tools and knowledge. To protect businesses from them, it is essential to have the right combination of experienced external and internal people, together with a high level of trust, shared intelligence and reliable technology.
Android Go puts reliable smartphones in budget pockets
Nokia, Vodacom and Huawei have all launched entry-level smartphones running the Android Go edition, and all deliver a smooth experience, writes BRYAN TURNER.
Three new and notable Android Go smartphones have recently hit the market, namely the Nokia 1, the Vodafone Smart Kicka 4 and the Huawei Y3 (2018). These phones run one of the most basic versions of Android while still delivering a fairly smooth user experience.
Historically, consumers purchasing smartphones in the budget bracket would have a hit-and-miss experience with processing speed, smoothness of user interface, and app stability. The Google-supported Android Go edition operating system optimises the user experience by stripping out non-important visual effects to speed up the phone. Thish allows for more memory to be used by apps.
Google also ensures that all smartphones running Android Go will receive feature and security updates as they are released by Google. This is a major selling point for these smartphones, as users of this smartphone will always be running the latest software, with virtually no manufacturer bloatware.
Vodafone Smart Kicka 4
At the lowest entry-level, the Vodafone Smart Kicka 4 performs well as a communicator for emails and WhatsApp messages. The 4” screen represents a step up for entry-level Android phones, which were previously standardised at 3.5”.
The display is bright and very responsive, while the limited screen real estate leaves the navigation keys off the screen as touch buttons. It uses 3G connectivity, which might seem like an outdated technology, but is good enough to stream SD videos and music. Vodacom has also thrown in some data gifts if the smartphone is activated before the end of September 2018.
Its camera functionalities might be a slight let down for the aspirant Instagrammer, with a 2MP rear flash camera and a 0.3MP selfie snapper. Speed wise, the keyboard pops up quickly, which is a huge improvement from the Smart Kicka 3. However, this phone will not play well with graphics-intensive games.
Next up is the Nokia 1, which adds a much better 5MP camera, improved battery life and a bigger 4.5” screen. It supports LTE, which allows this smartphone to download and upload at the speed of flagships. It also sports the Nokia brand name, which many consumers trust.
Although the front camera is 2MP, the quality is extremely grainy, even with good lighting. This disqualifies this smartphone for the social media selfie snapper, but the 5MP rear camera will work for the landscape and portrait photographer.
The screen also redeems this smartphone, providing a display which represents colours truly and has great viewing angles. Xpress-on back covers allows the use of interchangeable, multi-coloured back covers, which has proven to be a successful sales point for mid-range smartphones in the past.
Huawei Y3 (2018)
The most capable of the Android Go edition competitors, the Huawei Y3 (2018) packs an even bigger screen at 5”, as well as an improved 8MP rear camera and HD video recording. The screen is the brightest and most vibrant of the three smartphones, but seems to be calibrated to show colours a little more saturated than they actually are.
Nevertheless, the camera outperforms the other smartphones with good colour replication and great selfie capabilities via the 2MP front camera – far superior to the Nokia 1 despite the same spec. LTE also comes standard with this smartphone and Vodacom throws in 4G/LTE data goodies until the end of September 2018. The battery, however, is not removable and may only be replaced by a warranty technician.
Comparing the 3
All three smartphones have removable back covers, which provide access to the battery, SIM card and SD card slots. The smartphones have Micro USB ports on the bottom with headphone jacks on the top. The built-in speakers all performed well, with the Y3 (2018) housing an exceptionally loud built-in speaker.
Although all at different price points, all three phones remain similar in performance and speed. The differentiators are apparent in the components, like camera quality and screen quality. It would be fair to rank the quality of the camera and battery life by respective market prices. The Vodafone Smart Kicka 4 performed well, for its R399 retail price. The Nokia 1, on the other hand, lags quite a bit in features when compared to the Huawei Y3 (2018), bwith oth retailing at R999.
SA gets digital archive
As the world entered the centenary of Nelson Mandela’s birth on Mandela Day, 18 July 2018, South Africa celebrated the launch of a digital living archive.
The southafrica.co.za site carries content about the country’s collective heritage in South Africa’s eleven official languages.
Designed as a nation building, educational and brand promotion web based tool, the free-to-view platform features award-winning photographic and written content by leading South African photographers, authors, academics and photojournalists.
The emphasis is on quality, credible, factual content that celebrates a collective heritage in terms of the following: Cultural Heritage; Natural Heritage; Education; History; Agriculture; Industry; Mining; and Travel.
At the same time as reflecting on the nation’s history, southafrica.co.za celebrates South Africa’s natural, cultural and economic assets so that the youth can learn about their nation in their home language.
Southafrica.co.za Founder and CEO Hans Gerrizen conceptualised southafrica.co.za as a means for youth and communities from outlying areas to benefit from the digital age in terms of the web tool’s empowering educational component.
“We can only stand to deepen our collective experience of democracy and become a more forward planning nation if we know facts about our nation’s past and present in everyone’s home language,” he says.
Southafrica.co.za, with sister company Siyabona Africa, is the organiser and sponsor of the Mandela: 100 Moments photographic exhibition that runs until 30 September at Cape Town’s V&A Waterfront-based Nelson Mandela Gateway to Robben Island. The 3-month exhibition, which runs daily from 08h00 until 15h00, is showcasing one hundred iconic Nelson Mandela images taken by veteran South African photojournalist and self-taught lensman Peter Magubane.