Thunder Threat Protection System (TPS) Gives Service Providers the Highest Performance DDoS Defense in Compact, Reliable Form Factor

 A10 Networks, announced a new capacity enhancement to its Thunder^® 14045 TPS, which delivers industry-leading attack traffic mitigation capabilities. This capacity gain provides the highest performance available in the market with 500 Gbps of defense in one appliance. The smaller form factor reduces the number of devices required, while building scalable DDoS defenses that meet the challenge of emerging attacks. As service providers look to expand their service offerings, the Thunder TPS solution enables them to build profitable DDoS mitigation services that protect their own networks, as well as their subscribers.

Distributed denial of service (DDoS) attacks are only going to increase over time and attackers have an ever-expanding opportunity to use new device types, particularly connected-home devices like home hubs, routers and IP cameras to mount even larger attacks. In fact, the most recent A10 Networks’ DDoS Weapons Intelligence report describes the significant potential for attackers to use an IoT-related protocol, the Constrained Application Protocol (CoAP), deployed on IoT devices to marshal attacks.

With their expansive attack surface and absolute need for 24×7 uptime, global communications providers, cloud and online gaming service providers require the highest levels of protection from DDoS attacks. Service providers can rely on A10 Networks for expanded L3-7 DDoS protection, high scalability and advanced automated defenses that intelligently leverage machine learning.

“The proliferation of connected devices, and the increases in bandwidth and new application services enabled by advanced 5G networks mean that the size and intensity of DDoS attacks will increase exponentially. Customers require a modern approach to automated defenses with new technologies like machine learning and advanced threat intelligence to mitigate these attacks. The performance and automation available with Thunder TPS will help service providers deliver effective protection to their subscribers in this new and evolving attack landscape,” said Ahmed Abdelhalim, director of product management, A10 Networks.

With 500 Gbps mitigation capacity per Thunder TPS device, A10 Networks continues to drive innovation in the fast-growing DDoS market, leaving legacy suppliers behind. Thunder TPS solution is core to A10 Networks’ DDoS defense strategy delivering:

• One-DDoS Protection– The industry’s only connected intelligence system that provides full-spectrum multi-vector DDoS defense with distributed detection and machine learning capabilities within targeted infrastructure, including Thunder TPS, ADC, CGN, and CFW.
• Predictive, Automated Cyber Defense– Intelligent Automation, granular protection capabilities and zero-touch operation accelerate responses to ensure optimal, efficient protection.
• Actionable DDoS Weapons Intelligence– Incorporates global intelligence from A10 Networks DDoS weapons research for improved security posture and real-time insights into emerging threats.
• Industry-leading Performance– The highest performance in a small form factor enables fast detection and mitigation while lowering costs, reducing complexity, and increasing reliability in the field.

By Alain Penel, Regional Vice President – Middle East, Fortinet.

Operational technology (OT) refers to the hardware and software used to run industrial control systems (ICS), such as SCADA, that serve as the foundation of various areas of critical infrastructure. This includes industries that are essential to public safety and well-being, including power plants, manufacturing, water utilities, healthcare, transit, and more. OT differs from traditional IT systems due to the processes and systems that must be incorporated to effectively manage production and resource development systems, including engines, valves, sensors, and even robotics, that are common to critical infrastructure environments but may be absent from traditional IT stacks.

While IT and OT have been managed separately since their inception, there has been a growing movement toward the convergence of these two systems over the past 12 – 18 months. Incorporating IT capabilities such as big data analytics and machine learning into OT systems, along with faster connectivity solutions in order to respond to security and safety events more quickly, has allowed these industries to improve productivity and efficiency, offering a competitive edge to those who combine the systems effectively.

However, it’s important for OT teams to consider how this convergence affects the cybersecurity posture of critical infrastructure, especially given the impact that downtime caused by a cyberattack can have on the economy, health, and productivity of the nation. And worse, the potential safety risks to workers and even local communities should a critical system be compromised.

To determine where critical industries may be at risk due to IT and OT convergence, Fortinet has compiled the State of Operational Technology and Cybersecurity Report.

The State of Operational Technology and Cybersecurity

To understand the types of threats facing operational technology and how OT teams can mitigate these threats, Fortinet conducted a survey of organizations in critical industries with greater than 2,500 employees. Specifically, we examined plant and manufacturing operations leaders in:

• Manufacturing
• Energy and utilities
• Healthcare
• Transportation

Their answers revealed where OT is most vulnerable, the types of cyberattacks they regularly face, what their current security tactics are, and where improvement to cybersecurity protocols must be made.

Cybersecurity Risks for Operational Technology

The report revealed that cybersecurity must become a greater focus where operational technology is concerned, as 74% of OT organizations experienced a data breach in the last 12 months. The breaches negatively impacted organizations in a myriad of ways, including a reduction in safety, productivity and revenue, the compromise of business-critical data, and damaged brand reputation. Considering these, it’s clear that OT organizations that do not prioritize cybersecurity as part of their IT and OT convergence strategy risk losing all of the benefits of this strategy when they encounter an attack.

The most common types of cyberattacks affecting operational technology are malware, phishing, spyware, and mobile security breaches. The survey results show that these attacks persist as a result of four key reasons:

1. Lack of Visibility: 78% of organizations only have partial cybersecurity visibility into operational technology. This makes it difficult for teams to detect unusual behavior, quickly respond to potential threats, and perform threat analysis – all of which are crucial to a successful cybersecurity posture.
2. Lack of Personnel: As we have often seen elsewhere, due to the cybersecurity skills gap the low availability of skilled security professionals is a key concern for operations leaders considering implementing new security tools and controls in the network.
3. Rapid Pace of Change: 64% of operations leaders note that keeping up with the pace of change is a challenge when it comes to security, and yet, at the same time, slowing digital transformation efforts for any reason can compromise their competitive edge.
4. Network Complexity: OT network environments are complex, with anywhere from 50 to 500 devices to monitor and secure, many of which come from different vendors. This exacerbates the challenges surrounding visibility and personnel, as each device stores different data and has different security configuration needs and requirements.

Improving Security for Operational Technology

With these attack vectors and security challenges in mind, there are several steps operations leaders can take to improve the security posture at their organizations and minimize the risks associated with downtime in the wake of an attack.

First, 62% of organizations stated intentions to dramatically increase their cybersecurity budgets this year. Additionally, organizations are also adjusting their cybersecurity strategies, with 70% stating their intention to make the CISO responsible for OT cybersecurity in the next year—currently, just 9% of CISOs overseeing OT security.

In addition to these two changes already underway, organizations can implement several security tactics that have demonstrated success in critical infrastructure industries. As part of this study, Fortinet examined the differences in cybersecurity controls in place between those organizations that experienced zero intrusions over the last 12 months, and similarly-sized organizations with six or more intrusions. There were several tactics and tools that stood out among those top-tier organizations that those in the bottom-tier lacked, including:

• Multi-factor authentication
• Role-based access control
• Network segmentation
• Conduct security compliance reviews
• Management and analysis of security events

As OT and IT systems continue to converge, implementing these essential tactics can help operations leaders and CISOs gain visibility across their OT environments while reducing complexity in their network to reduce cyber risk.

Final Thoughts

Security threats to Operational Technology networks, especially in critical infrastructures such as transportation, health, and energy, can have major consequences for ensuring the success of these organizations, as well as for the daily lives of the people those industries support. To help minimize this risk, this latest report from Fortinet provides a critical examination of key areas of vulnerability in order to help OT teams identify more effective ways to improve cybersecurity efforts in the industries they support.

A10 Networks, announced that it has appointed Ehab Halablab as the company’s new Regional Channel Manager for Middle East and North Africa (MENA).

Ehab has more than 12 years’ experience in the IT industry. Prior to A10 Networks he worked at security firm Symantec as territory manager for enterprise where he was instrumental in driving new business acquision. He also held a regional channel leadership position at Blue Coat Systems (acquired by Symantec) and regional sales manager position at Sophos. The early part of his career was spent at Naizak Distribution Services as account manager for several key security vendors.

Mohammed Al-Moneer, Regional Vice President of Sales – MENA at A10 Networks says, “Ehab brings a wealth of leadership and channel expertise to our company. Partners are critical to A10’s growth strategy and success. In order to drive our leadership in 5G, multi-cloud and security infrastructures, we needed a regional channel head with a depth of relevant experience and a proven track record and Ehab ticked these boxes. He will play a pivotal role in leading the adoption of a channel-driven business strategy, partner enablement and identifying new partners, while ensuring they are equipped with the tools necessary to sell our company’s portfolio of market leading soutions.”

Ehab will be responsible for developing & executing a regional channel strategy focused on partner certification, premier security partner recruitment, and direct & indirect channel enablement programmes. As part of the strategy to grow the business, Ehab is looking to transform distributors into value added distributors (VADs). The company will be actively onboarding new potential partners in the region that will be focused on A10’s business. The internal sales team will also be seeding new business opportunities that will be fulfilled through resellers in the region. In addition, Ehab will be focused on strengthening local ties with the company’s alliance partners like HP, Nokia Systems, Ericsson and NEC.

Ehab will champion the regional launch of the company’s award winning Affinity Partner Programme, which leverages incentive programmes, co-partner end user events and vertical focused events to drive partner engagement and opportunities.

Another key focus area for Ehab will be enabling strategic partners within the high-growth security, cloud & infrastructure domains. The company has launched its Authorized Training Centre (ATC) based in Dubai to educate partners and customers. A10 ATCs will be regulary launching monthly sessions at the beginning of each quarter. There is also going to be the launch of a partner training program called ‘RiDerS’ which will give an opportunity to channel system engineers to gain the requisite high level of security knowledge.

“The network application, cloud and security business in the MENA region is growing at an exponential rate as organizations are looking to embark on the road to digital transformation. I’m delighted to be joining A10 Networks at this very exciting time since the company’s technologies are at the core of several of today’s key IT business drivers like 5G, multi-cloud and security. I am looking forward to empowering our partners to deliver a first-class experience to our mutual prospects and customers, drive customer engagement and fuel growth,” concludes Ehab.

Author: Claude Schuck, regional head, Middle East at Veeam

The ways businesses leverage cloud to manage and maximise the value of their data continue to evolve. The years when adopting cloud-based solutions felt like the first step into some brave new world may be behind us, but with every new cloud-consumption model comes new questions. Multi-cloud, the current variation of cloud deployment, is attracting attention, questions and scepticism from businesses.

Whereas a hybrid cloud is a single entity, an amalgamation of a private cloud with public cloud environments, multi-cloud simply includes multiple clouds. It is a nod towards the fact that businesses are increasingly using different clouds for different purposes. In today’s digital economy, 81% of enterprisesare embracing a multi-cloud strategy.

It is common for the IT industry to promote the idea of a one-stop shop model – a single point of failure – to avoid the perceived inefficiency and confusion of dealing with multiple vendors and cloud service providers (CSPs). Data is now described as the oil of the digital economy, a company’s most valuable resource, so as businesses demand an infrastructure which maximises the potential value of that data, IT departments are under pressure to deliver.

For example, a business may wish to store data from its fastest growing business unit in Google Cloud for scalability at relatively low expense but use AWS for its R&D databases to enjoy the benefits of AI and voice-assisted search. Whereas previously the only viable decision for the business would have been to make a judgment call based on its priority needs and budget constraints, the best strategic option is now to adopt a multi-cloud approach.

Data-driven transformation

There is a movement from organisations to become more data-driven, with business leaders recognising the importance of data in both high-level business strategy and operational decision-making. Furthermore, consumers and employees are beginning to appreciate the true value of their data, which means businesses must ensure that the people who share data with them see the value in doing so through receiving more personalised experiences. People want to know that their data is protected and is secure, but they also want greater transparency about what it is being used for.

Creating this data-driven culture is underpinned by continuous digital transformation – embracing the latest and greatest technologies which allow the business to repeatedly lift its performance levels. According to Gartner’s 2018 CIO Agenda report, making progress towards becoming a digital business is a top priority for CIOs – and the proliferation towards multi-cloud reflects this trend.

Despite this, the latest Veeam Availability Report reveals that two thirdsof senior IT leaders admit their digital transformation has been held back by unplanned downtime. And successful multi-cloud deployments depend on the availability of all apps and data, at all times. So, businesses looking to take advantage of multi-cloud environments must ensure that their apps and data are always available – and that their culture of data-driven decision-making is fully supported to maintain customer confidence and brand reputation.

Availability in the multi-cloud

The complexity of maintaining availability within a multi-cloud environment is the reliance on multiple CSPs. While all major vendors and CSPs will make backup and disaster recovery (DR) solutions available to their customers, each provider has different protocols, service level agreements (SLAs) and capabilities; and the last thing any business wants to hear when disaster strikes is that they are not adequately protected or that recovery has failed. While no business, regardless of whether it is using multi-cloud or not, can guarantee that it will never experience unplanned downtime, every business can ensure that it is prepared for this possibility.

Therefore, businesses opting for multi-cloud need to ensure that they have an availability solution which sits cross their entire cloud provision, making cloud data protection easy with a seamless process for sending data offsite to the cloud. As well as a reliable backup and DR solution which is interoperable with all major CSP solutions, the platform should provide businesses with full visibility of data availability across their entire multi-cloud infrastructure.

For businesses using multi-cloud to power their digital transformation in the bid to establish a more data-driven culture across the organisation, data is akin to running water – a utility which all rely on and must be available at all times. Businesses embracing multi-cloud should not be put off by the prospect of working with multiple vendors as certain software-based platforms can give the peace of mind and a turnkey solution to minimising downtime.

At the recently conducted ‘Sennheiser for Broadcast Hands-On Training Day’, held this month in Dubai, it emerged that the shrinking of the spectrum allocated for the Programme Making and Special Events (PMSE) industry remains a key concern for regional broadcasters. The Telecommunications Regulatory Authority (TRA) of the UAE, who participated at the event, was quick to address these concerns by outlining how its radio frequency (RF) spectrum authorization policy is ensuring smooth operation of broadcast systems, and safeguarding equipment investments for broadcasters.

The TRA also highlighted its ongoing collaboration with broadcast-related equipment manufacturers such as Sennheiser to ensure systems being imported and sold within the UAE operate within the allocated frequency bands. Particularly well received was the Authority’s demonstration of the interactive National Frequency Plan that is now available on its website.

In a session conducted by Sennheiser COO for the Professional Audio Division, Peter Claussen, Middle East broadcasters were given a first look at some of the innovative products currently being developed by the company’s Professional Division. In line with the company’s commitment to customer-centric innovation, Claussen offered attendees the opportunity to share their feedback and opinions on the types of audio solutions and advancements they would like to see in the future.

Commenting on the event, Ryan Burr, Head of Technical Sales & Application Engineering, Professional Audioat Sennheiser Middle East said, “Across demographics in the Middle East, the appetite for high-quality content is growing, placing broadcasters under increasing pressure. With turnaround times for the creation and distribution of compelling content constantly shrinking, it is imperative that they have the right expertise and solutions. As a trusted advisor and technology partner to some of the region’s leading television and radio broadcasters, Sennheiser is committed to advancing the industry from both a knowledge as well as a technical standpoint.”

Having recently conducted its largest set of product launches for Middle East Broadcasters at CABSAT 2019, Sennheiser used its Hands-On Training Day to provide attendees with detailed overviews and demonstrations of the recent additions. These were grouped into three categories, catering to the specific requirements of each segment of the industry:

 In the Studio:

Sennheiser’s model TV studio control room featured its Digital 9000, Digital 6000, 3000/5000 Series and EW-500 G4 microphone systems running through a mixing console and onto a pair of Neumann KH-310 studio monitors. Attendees were presented with several tests and demonstrations highlighting the capabilities of each system. This was followed by an in-depth tutorial on the Wireless Systems Manager, Sennheiser’s professional software solution for remotely monitoring and coordinating the frequencies of wireless microphones and monitors.

On the Radio

To simulate the set up for radio broadcasts, Sennheiser presented a comprehensive line up of Neumann microphones, including the BCM-104 and BCM-705 radio studio mics. These were fed into a mixing console and onto headphones and headsets from Sennheiser’s professional range, including the HD-26 and the new HD 300 PRO.

Out in the Field

For its outside broadcast setup, Sennheiser used an ENG camera with the EK-6042 true diversity two channel receiver plugged into its receiver slot. The EK-6042 was then synchronised with several different transmitter/mic combos including the MKH-8060 and 8070 shotgun ranges and the SKP-500 G4 plug-on transmitter mic. This allowed the broadcasters to test the both the range and quality of transmitted audio for these solutions. Attendees were also offered the ability to try out products from Sennheiser’s Audio for Video range such as the compact and versatile Memory Mic.

Each of these live stations were specifically designed to encourage attendees to gain a better understanding of the operation and capabilities of the systems through practical hands-on demos with the various equipment sets. “Given the caliber of the attendees, we were keen for them to experience the live stations with complete freedom. There were high levels of enthusiasm as they explored the features and capabilities of our solutions, especially when these exceeded their expectations,” said Burr.