A10 Transcend Global Virtual User Conference to Turn Spotlight on Digital and Business Transformation During and Post COVID-19

A10 Networks today announced that it will host its inaugural global virtual user conference ‘A10 Transcend’ – giving customers, partners and prospects a forum to share insights into their journey with digital and business transformation during and post COVID-19. The impactful and informative event will take place between November 9-10.

Ehab Halablab, Regional Sales Director – Middle East at A10 Networks says, “Inspire, learn and network are the three pillars of the event. We invite attendees to join the bold thinkers pushing the boundaries of multi-cloud transformation and 5G readiness. The conference is an opportunity to get practical tips and tricks on how to configure and optimize the IT environment.  It is also a great networking platform for IT executives to connect with peers and leaders and raise the bar for their businesses.”

Below is a snapshot of the agenda:

Keynotes: A10’s CEO will share his perspectives for A10’s growth and innovation, along with fireside chats with two celebrity speakers, Scott Kelly and Lindsey Vonn, who will share their inspirational stories of how they have transcended the odds in their respective journeys.

Innovation Panel: A10’s product marketing and product management leaders discuss the current state of network and application security as challenges such as digital transformation, global cyber threats and COVID-19 are permanently changing the IT landscape.

Customer Transformation Spotlight: Customers will share their digital transformation journeys.

A10 Security Research:  Will provide insights into trends around malware and DDoS threat trends.

A10 Core Solutions: Attendees can learn about the latest product updates and capabilities of A10’s core technology – DDoS protection, zero trust SSL/TSL decryption, Polynimbus application services and service provider edge.

DevOps Deep Dive: A10 engineering and partner teams will provide deep dive technical sessions on DevOps

A10 Tips & Tricks: A10 solution architects will deliver a series of tips and tricks covering all aspects of application and networking technologies.

Partner Innovation: Will offer insights into joint solutions from technology and system integrator partners.

For more information about the event including registration, visit https://transcend.a10networks.com/

A Snapshot into the Current Threat Landscape

By Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs &  Aamir Lakhani, Global Security Strategist and Lead Researcher for FortiGuard Labs.

In our increasingly digital world, the threat landscape is rapidly changing and expanding, leaving organizations to wonder how they can keep up with evolving threats—especially as cybercriminals swiftly take advantage of new threat vectors and global events as lures. To provide some insight into the minds of cybercriminals and their various tactics and targets, Derek Manky and Aamir Lakhani of FortiGuard Labs offer their observations from the trenches.

Q: What changes in attack trends has FortiGuard Labs seen in the months since the beginning of the pandemic? 

Derek – April and May were the months where the most COVID lures came about, and of these, email-based threats were by far the most dominant in the threat space. These threats played off of layoff notices sent to employees, false purchasing orders, messages from HR departments, really anything that could exploit the huge shift in the work environment that employees were experiencing. Outside of the workplace, people were being targeted by health authority impersonators for example offering more information about the pandemic. In our trackers, the traditional COVID lures have dropped down quite a bit, going from almost 350 a day to double digits now. Now that things are shifting to a different normal, we’re seeing the old threats kickoff once again, but with a change in general focus. For example, as some organizations begin hiring again, we’re seeing lures that are specifically targeting candidates, particularly with man-in-the-middle attacks. For example, bad actors are injecting themselves into the middle with classic threat attempts such as sending malicious PDFs as resumes.

Q: The attack surface for threat actors is constantly growing, are there any targets that stand out to you as most vulnerable? 

Derek – Cybercriminals are often going to jump on the freshest opportunity they see for the element of surprise but that varies from place to place. The start of Q4 means a lot of people are heading back to work, but also students are heading back to school—both remotely and in-person, or a combination of the two. And that’s been a huge challenge for some institutions that weren’t fully prepared with remote learning capabilities, particularly in K-12 learning where this is all very new to them. They have new platforms and classroom setups, as well as a lot more connections that are happening, so education is a big target right now. 

Aamir – Yes, I certainly agree. Attackers have also shifted their focus to areas where people are becoming more digitally populated. Things like remote learning are still ongoing in places like the U.S., so we’re seeing more service and online attacks aiming to disrupt these organizations. It’s almost the perfect situation for attackers because a lot of schools are set up with a hybrid learning model, where teachers are headed to classrooms while doing remote work and teaching. All attackers have to do is target the internet connections being used in the classrooms, rather than targeting cloud applications or other platforms. By doing this, these bad actors can target more institutions and users much quicker.

Q: What are some of the most popluar attack vectors right now? 

Derek – There are a lot of systems that are now publicly exposed, especially with increased usage of Remote Desktop Protocol (RDP). Attacks like Wannacry, for example, leveraged public RDPs as points of entry and we know that was a big concern. This is something that I think, from a security architectural standpoint, needs to be addressed still. When it comes to remote learning especially, it’s such an easy way for attackers that are trying to hijack these sessions to try to get into these networks. 

Aamir – Last year, I remember doing a search on Shodan to see how many publicly available RDP ports were indexed and the number then was a little over 2 million. I searched again a few days ago and it was over 4 million worldwide. We’ve definitely seen an increase in public RDP connections out there, which means this is a growing risk. At this point, most RDP connections are on the public network and it’s an easy win for attackers.

Q: What would you recommend defenders do given what we know about the threat landscape in 2020?

Derek – This is where our world of threat intelligence really comes into play. We often say you can only protect against what you can see and I think, in the past, a lot of these attacks were not seen. There was a lot of persistence and stealth in these attacks. Companies didn’t have the proper inspections or management in place for all of their traffic flow, similar to the RDP case. Another key to defending against cybercriminals is getting the right model for securing, segmenting and monitoring business-critical applications. I believe the next 2-3 months in cybersecurity will be quite critical and it’s really the time to set up a strong foundation built on actionable threat intelligence. This is the new normal we’re heading into and it’s important to have a structured security plan.

Aamir – Visibility is a key, especially these days when most traffic is encrypted. If you put in a regular firewall or other devices that are not capable of that filtration at high speed, you may miss critical threats entering your network. You need a setup that is capable of decryption and encryption as well as having the proper policies and inspections in place to sort them. Timely information is also important because you need to know the second the attack has happened and be prepared to address it, rather than finding out months after the attack actually happened. 

Q: With how rapidly the threat landscape has been changing, do you have any predictions on where the cybersecurity conversation will be in the next few months? 

Derek – In the future, I think we will see more discussion around critical areas like healthcare and education, but also around operational technology (OT) as we move into more integrations. The wide adoption of technology to facilitate OT by combining old and new technology will lead to a collision between old, sometimes vulnerable technology with new technology capable of combatting modern threats. The entire ecosystem of OT is becoming a larger attack space that is often challenged with threat visibility, and this needs to be top of mind for these organizations.

Why the Education Sector Must Address Security in the Rush to Digitise

By: Jacob Chacko Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba

There has never been a greater need to connect students, classrooms, and buildings. Enrolment of students (who are always more tech savvy and more expectant than the year that preceded them) continues to rise, and the benefits of technology – better grades and greater staff well-being – are necessary if schools are to maintain high levels of performance during the challenging time of digital transformation.

What’s key, however, is that cyber security is taken seriously. Not in a way that restrains a school’s ambitions to innovate, but so that technology is controlled and managed with caution to protect the students. This will become increasingly important as schools and universities expand deployment of digital, collaborative and immersive learning environments across new and modernised buildings and campuses.

Here’s a closer look at some of the advances many schools are making today, and the security measures that can, and should, be taking to protect their data and reputation.

The changing face of education

There are exciting times ahead for the education industry. Typically, this sector is one of the last to make extensive change, but thanks to the ambitions of teachers keen to engage better with students, the classroom of yesteryear is starting to transform. In many schools, where once Wi-Fi was limited to a handful of classrooms, now any room can be used as an IT suite. New tech such as eLockers are being trialled as a way of empowering students and encouraging self-paced learning. And, rather than deter the use of personal devices, they are becoming increasingly more embedded in the educational toolset.

And so by enabling a more digital workplace, staff will be freed up to make faster decisions and engage students whose learning styles vary. Already we’re seeing education employees reap the rewards of technology. In Aruba’s recent study of more than 1,000 employees, almost three quarters (74%) said they could accomplish more throughout the day and had the opportunity to develop new skills (74%).

However, as the smarter classroom gradually becomes a reality, so the question of security – and how it is managed – must be addressed.

Keeping security in check as progress is made

Worryingly, just under half (49%) of teachers admit they rarely (if ever) think about cybersecurity, despite 91% acknowledging its importance. In addition, more than three-quarters (76%) believe there is room for improvement in the way connected tech is managed.

This is a challenge for institutions. Schools, colleges and universities alike share the same priority: providing the best possible education to cater to students whose expectations are growing exponentially. To connect with them in a meaningful way requires reliable, optimised, and personalised learning experiences. But an influx of Internet of Things (IoT) devices and a cohort that aren’t all trained in security best practices, puts networks at risk of intrusion. And, more seriously, puts young people at risk of communication from people who may wish to abuse, exploit or bully them.

Tackling this issue requires both accountability and an autonomous approach to security. Ensuring there is ownership over IoT security is imperative, and some institutions have appointed “digital champions” who review technology and share practices that foster innovation.

Technology, too, will play its part in managing the cybersecurity risk. Colleges and universities must implement new tools that go beyond traditional cybersecurity measures, such as User and Entity Behavior Analytics (UEBA), which identify patterns in typical user behaviour and flag any anomalies. These kinds of solutions don’t hinder employee creativity, collaboration, or speed as many clunky security systems do. Instead, they provide real-time protection and enable quick responses should a network breach occur.

Enthusiastic pupils are a huge opportunity

It’s important that a focus on security doesn’t take away from the bold ambition demonstrated by the education sector. In many ways, this industry in a totally unique position. Every day, it interacts with an enthusiastic generation that gets more technologically sophisticated each year. In few other sectors is there such a huge cohort of people as adaptable and receptive to new ways of working.

This is where the opportunity lies for teachers, who can challenge the traditional way of teaching. But in order to do so, they cannot be shackled by the fear of cyber risk. Instead, education employees must continue to push themselves to investigate what other innovations can be implemented in order to enhance student learning.

There’s no doubt it can feel overwhelming for many to think about how to make improvements while dealing with a demanding timetable. However, by investing in automation technology that streamlines processes and provides protection, the opportunity of a digital workplace can become a reality. This will drive greater efficiencies, freeing up space in the day to innovate and try new things.

With the right technology in place, and a security strategy that ensures accountability for the management of said technology, there is huge potential for educational institutions to become efficient, productive and inspiring digital workplaces. The enthusiasm for transformation is already there. With the right security strategy, I’ve no doubt the future of education will be bright.

Business Leaders Need to Focus on Closing the Cyber Skills Gap

By: Mohammad Jamal Tabbara, Senior Solutions Architect, Infoblox

IT departments are suffering from a chronic lack of cyber skills. The IT industry is the fastest evolving industry out there with a myriad of various different technologies and solutions. A subject matter expert today could be completely out of the loop the next. It’s not enough to be a technically well-rounded IT professional, but must also understand the business needs and objectives. It is very difficult to find talent that can have all of those qualities. If you do find any, make sure you do everything you can to keep them.

There are currently limited skills in the market which can be attributed to the actual lack of manpower. A lot of companies have one or two technical resources that are certified on three or four different technologies. This puts a strain on resources and compromises the level of service.

Engineers are mostly motivated by knowledge and technical development. Hire less number of people but make sure you continuously develop and do everything you can to retain them. You will notice an immediate and positive impact to your business. I think it is important for companies to keep abreast of which emerging technologies are likely to necessitate a future skill set need among their employees and then facilitate training programmes to get their employees the skills they will need down the road.  The biggest barrier to training is time constraints as training programs tend to be quite time consuming. A lot of these training programs also seem to be extremely heavy on content which can lead to information overload. Training programs need to be simplistic and to the point.

It’s true, there isn’t a lot of talent if one looks on the surface. Don’t just judge a book by its cover. Whether it’s a negative or positive judgement for that matter. I often get asked to provide feedback on whether a candidate is ‘good enough’ to hire. If that’s the approach you should stop hiring and change your approach all together. Would you want a ‘good enough’ boss or a ‘good enough’ engineer implementing the solution you’ve just spent several hundred thousand dollars on? Chances are every one of you will say no to all of the above. Qualities such as teamwork, integrity and emotional intelligence are absolutely key when making a hire and they shouldn’t be binary. But the one area that I believe employers should pay very close attention to is the appetite of that individual to learn and to be coached. Finally, when you get someone good, hire them, take time to understand them and invest in them.

Some organizations are mitigating talent shortage by casting the net wider and recruiting talent from markets outside the region. In addition to casting the net wider, there are a number of highly experienced agencies that specialize in IT recruitment that we would advise CIOs to get in touch with. 

We believe that the best talent wants to work for the best companies. While offering an attractive compensation package is important, it is equally important to have a really strong culture – one in which employees are more than just a number and where there is a strong emphasis on having “fun”.