The 10 Most Trusted Cyber Security Solution Providers 2018

1. www.insightssuccess.com March 2018 Chalk Talk Traits to Possess the Best Enterprise Security Günther Mull Founder & Managing Director Editor’s Pick Data Center Security: Controlling Possible Threats DERMALOG Identication Systems GmbH The Biometrics Innovation Leader

4. Editor’s Note What Lies Ahead for Cybersecurity 2 017 wasn’t a great year of cybersecurity. We saw a large number of high profile cyberattacks; which included WannaCry ransomware attack, Petya virus, Uber, Deloitte, etc. Despite multiple security updates and numerous patches, the number of attacks continues to rise, which eventually raises a question how to be safe in this world of web. So, let’s look at some trends and future predictions for the near future. Ransomware attacks have been growing at a steady pace during last few years, but it seems like regular users haven’t learned much from the attacks. So, the WannaCry attack has highlighted the need to back up data regularly, keep patching and updating systems, and strengthen the real-time defenses. If organizations and individuals took these simple steps, then we could reduce the impact of ransomware dramatically. With the advent of IoT, we are rolling out more and more sensor packed devices that are always connected to the internet, but IoT still remains one of the weakest links for cybersecurity. Most of the time these devices lack essential security features or many cases they aren’t correctly configured or rely upon default passwords that eventually provides easy access to the attackers. So, these poorly secured IoT devices are the reason for the growing use of botnets, which can be used for volumetric attacks, identify vulnerabilities, or for brute force attacks. Many organizations are still using single-factor authentication, which relies on “something you know.” Till now companies tend to shy away from implementing multi-factor authentication, as they believe that it can negatively affect user experiences. However, according to recent research, there’s a growing concern about stolen identities amongst the general public.

5. The rise of state or nation-sponsored attacks are the most concerning area for the cybersecurity experts. These attacks are motivated by political gain and go beyond financial gain. As expected the level of expertise are quite high which may prove difficult to protect against. So, governments must ensure that their internet networks are isolated from the internet and provide extensive security checks. Additionally, the staff needs to be trained in order to spot attacks. Finally, it’s essential that nations work together and share the information they have regarding state-sponsored threats. So, the dire need of competent cybersecurity solution providers has made us look for, “The 10 Most Trusted Cyber Security Solution Providers, 2018.” On our cover page we have DERMALOG Identification Systems GmbH, which is an expanding company based in Hamburg with additional offices in Malaysia and Singapore, as a result of strong growth in the region. We also have, SonicWall, which has been preventing cyber-crime for over 25 years, defending small- and medium-sized businesses and enterprises worldwide; Logsign, which is a next-generation Security Information and Event Management solution, primarily focused on security intelligence, log management, and easier compliance reporting; Seceon, which enhances the way organizations recognize cyber threats with speed and accuracy, prevent damage using surgical containment, and predict insider attacks through behavioral threat detection modeling and machine learning; IT-CNP, an information solution Provider Company which offers premier solutions to the US government; Code Dx, is a software vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools; Prey Software, which lets you track & find your phone, laptop, or tablet; Tinfoil Security, a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily; Avatier, is a provider of identity management software and solutions that acclimate to business users to provide an integrated framework for business operations; and Entrust Datacard Corporation, which offers the trusted identity and secure transaction technologies that make those experiences reliable and secure. Solutions range from the physical world of financial cards, passports and ID cards to the digital realm of authentication, certificates and secure communications. Happy Reading! Kaustav Roy

6. COVER STORY DERMALOG Identification Systems GmbH The Biometrics Innovation Leader 08 A R T I C L E S 32 Chalk Talk Traits to Posses the Best Enterprise Security 24 Mentor’s Role The Role of an MSP in your Cloud Strategy 40 Editor’s Pick Data Center Security: Controlling Possible Threats

7. C O N T E N T S Avatier: 18 Revolutionizing Digital Identity Security Code Dx: Practical Software Security Solutions 20 Entrust Datacard: Seamless Security 22 Made Easy IT-CNP: 28 The First Line of Defense for Mission-Critical Systems Logsign: SOC Combined Next-Gen SIEM 30

8. Prey Software: Helping Clients Track and Find their Phones, Tablets, and Laptops 36 Seceon: 38 Cybersecurity Done RIGHT SonicWall: A Security Center that Delivers Real-Time Cyber Attack Data 44 Tinfoil Security: 46 Incorporating Security into your Development and DevOps Workflow

11. Editor-in-Chief Pooja M. Bansal Anish Miller Managing Editor Executive Editors Assistant Editors Sourav Mukherjee Bhushan Kadam Kaustav Roy Jenny Fernandes Contributing Editors Kedar Kulkarni Visualiser David King Art & Design Director Amol Kamble Associate Designer Shubham Mahadik Co-designer Rahul Kavanekar Art & Picture Editor Paul Jayant Belin Khanna Senior Sales Manager Passi D. Business Development Manager Peter Collins Marketing Manager John Matthew Business Development Executives Steve, Joe, Alan, Rohit Sales Executives David, Kevin, Mark, Ajinkya Technical Head Jacob Smile Technical Specialist Amar, Pratiksha Digital Marketing Manager Marry D’Souza Online Marketing Strategist Alina Sege, Shubham Mahadik, Vaibhav K SME-SMO Executives Prashant Chevale, Uma Dhenge, Gemson, Irfan Research Analyst Chidiebere Moses Circulation Manager Robert, Tanaji Database Management Stella Andrew Technology Consultant David Stokes sales@insightssuccess.com March, 2018 Corporate Ofces: Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com Insights Success Media and Technology Pvt. Ltd. Off. No. 513 & 510, 5th Flr., Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in www.twitter.com/insightssuccess Follow us on : www.facebook.com/insightssuccess/ We are also available on : Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.

12. Cover Story DERMALOG Identication Systems GmbH The Biometrics Innovation Leader “ We offer challenging projects in international environments and the latest technologies in the eld of biometric identication. “

13. Günther Mull Founder & Managing Director

14. “ We are the pioneer in the development of biometric products and solutions. “ H GmbH has been shaping the world of security for more than two decades. DERMALOG is Germany’s pioneer in biometrics and the largest German manufacturer of biometric devices and systems. The company provides a wide range of biometric identification solutions, including latest generation of fingerprint and document scanners as well as high-performance Automatic Fingerprint Identification Systems and Automated Biometric Identification Systems (ABIS). The product portfolio is complemented by biometric border control systems, biometric ID cards and passports, as well as biometric voting systems. eadquartered in Hamburg, Germany, DERMALOG Identification Systems DERMALOG’s ABIS. Bank customers are clearly identified by fingerprints and face patterns, which effectively prevents fraud practices with false identities. Nigerian banks have already successfully registered more than 32 million customers with DERMALOG’s Automated Biometric Identification System. in 1980. From 1984, he was responsible for the automation of fingerprint and palmprint evaluations as part of a research project at the Hamburg Institute of Human Biology and worked until 1990 as a lecturer in applied statistics. After serving as the head of the Institute of Dermatoglyphics for several years, he found DERMALOG Identification Systems GmbH back in 1995. The Hamburg based company specializes in the development of Automated Fingerprint Identification Systems and fingerprint biometrics for documents and national ID projects. Presently, DERMALOG technology is used in more than 220 large-scale installations across the planet. “DERMALOG as manufacturer, supplier and System Integrator is able to implement solutions very quick, even into existing projects. Our “Turnkey Solutions” are reliable, intuitive to operate and most of all fast and secure,” adds Günther Mull, Founder of DERMALOG. The company has developed solutions like ‘FingerLogin’, ‘FingerPayment’, and ‘FingerBanking’ as well as automatic face and iris recognition. Apart from Germany and Europe, the main markets of DERMALOG revolve across Asia, Africa, Latin America and the Middle East. Today, more than 150 government agencies and over 40 banks in more than 80 countries are using DERMALOGs technology and turnkey solutions for biometric identification. When DERMALOG helped Countries with its Solutions Back in 2016, the Nigerian government found that more than 23,000 officials either did not exist with their registered name or received their salary unlawfully. This gave the country monthly savings of 10.5 million euros and makes a sustainable contribution to the positive development of the Nigerian state. The cases of fraud were identified using DERMALOG’s Automated Biometric Identification System. Originally the system was developed for 23 Nigerian banks and for the Central Bank of Nigeria in order to identify bank customers through fingerprint and face DERMALOG has been revolutionizing biometric security products for law enforcement, civil authorities as well as health and security agencies, and developing solutions for access and data security, authorization and authentication services as well as mobile security. Governmental authorities as well as private businesses all over the world trust DERMALOG’s expertise and state-of- the-art biometric products. That’s not all, DERMALOG has implemented one of the world’s largest biometric installations in Nigeria. The branches of 23 banks and the Central Bank of Nigeria have been equipped with A Pioneer in Fingerprint Identification Systems Günther Mull studied human biology at the University of Hamburg, where he began researching fingerprints back

15. recognition before opening or accessing a bank account. In this system, every customer receives an individual number. Since its very introduction in Nigeria, more than 32 million bank customers have been registered till date, wherein their bank accounts are backed by DERMALOG’s innovative biometrics. find people who have violated immigration laws. ranges from project management, installation and customization to maintenance and support of delivered products. Delivering the Best Solution Currently the discussion about security is dominated by rapidly increasing digitization. Understandably, this development also leads to a wider choice of security products. DERMALOG actively participates in this process with innovative solutions for secure biometric identifications. As an example, with DERMALOG’s password-free login, companies can significantly simplify their user management by allowing employees to log on to computers by fingerprint or face recognition features. The system is safer, more reliable, and much more comfortable than previous password protected solutions. DERMALOG’s goal has always been to deliver the best solution for its customers, which requires creativity and the willingness to break new ground. With the claim to be an innovative leader, the company is always open to new ideas. This is also part of DERMALOG’s corporate culture. As an example, flat hierarchies enable rapid decision-making and accelerate the development of new solutions. Additionally, DERMALOG’s employees have a high level of personal responsibility. “Specific requirements due to the security situation and the local conditions are our daily business,” emphasizes Mr. Mull. DERMALOG has rolled out a BioScreen system with the Immigration & Checkpoints Authority of Singapore. This specialized system captures the thumbprints of visitors arriving and departing at Singapore’s checkpoints, as part of its ongoing efforts to enhance security levels. Now, it is compulsory for foreign visitors to scan their thumbprints each time they enter or leave Singapore. With the BioScreen system installed in the passenger halls to pick up travelers’ thumbprints, it reminds travelers that security in Singapore has the highest priority over all threats. Singapore reports that a fingerprint checking system installed at borders is helping to An Innovative Industry Leader Ultimately, within the biometry sector, multi-biometrics, the combination of two or more biometric characteristics, is currently on the rise. Therefore, DERMALOG has developed an Automated Biometric Identification System (ABIS) that simultaneously compares finger, face and eye data for maximum accuracy. With DERMALOG ABIS, the company positions itself as an innovative leader and offers the next level of secured The company’s major strengths include innovative products and their unmatched adaptability. Working closely with its customers, DERMALOG always develops the best possible solution in remarkably fast time for the industry. This flexibility is one of the most important cornerstones of the company’s success. Also, DERMALOG’s innovative solutions provide outstanding service. The offer “ Our multi-modal ABIS (Automated Biometric Identication System) combines several biometric methods. “

16. “ In addition to our innovative range of services and the expertise and motivation of our employees, this fact is also based on the satisfaction and loyalty of our customers. “ identification. The system is already in use around the world, in banking and border control as well as in issuing official documents, such as passports and driver’s licenses. In the face of increasing mobility of people and goods in a globalized world, governments need to find a balance between fast processing and secure borders. Based on its experience from worldwide projects, DERMALOG offers solutions to develop and implement Border Control Systems as well as checks for secure border management. One of the latest DERMALOG border control products is the DERMALOG Gate. It is the first fully automated electronic gate that uses 3D sensor high-resolution camera technology combined with a precisely defined field of view. It guarantees only one person at a time can pass the gate, providing a highly secure face recognition. The integrated front scanner enables fast reading of numerous documents such as passports, ID cards, e-ID cards and flight tickets. The DERMALOG Gate reduces transit times, provides a self-service process and increases the attractiveness of using the airport. DERMALOG offers biometric solutions for banks and manufacturers of automatic teller machines (ATM). This includes the largest biometric banking project worldwide (USD 50 million), which was delivered by DERMALOG (BVN Project): 23 banks and the Central Bank of Nigeria were provided with DERMALOG’s ABIS, to prevent double identities among bank customers through different means such as finger and face recognition and guarantees the best-possible biometric identification of customers (KYC) for these banks. Furthermore, many ATMs across the globe have been equipped with DERMALOG’s fingerprint technology.

18. READ IT FIRST SUBSCRIBE T O D A Y Never Miss an Issue Yes, I would like to subscribe to Insights Success Magazine. Global Subscription 1 Year ......... (12 Issues) .... 6 Months ..... (06 Issues) ..... $130.00 $250.00 3 Months ... (03 Issues) .... $70.00 (01 Issue) ..... $25.00 1 Month ...... Date : Name : Address : Telephone : Email : City : State : Zip : Country : Check should be drawn in favor of: INSIGHTS SUCCESS MEDIA TECH LLC CORPORATE OFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone: (614)-602-1754,(302)-319-9947 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com

19. Management Company Name Brief Avatier Corporation is a provider of identity management software and solutions that acclimate to business users to provide an integrated framework for business operations. Nelson Cicchitto Chairman, Founder and CEO Avatier avatier.com Code Dx Enterprise is a software vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. Anita D’Amico CEO Code Dx codedx.com DERMALOG Identification Systems GmbH is an expanding company based in Hamburg with additional offices in Malaysia and Singapore, as a result of strong growth in the region. Günther Mull Founder and Managing Director DERMALOG dermalog.com Entrust Datacard offers the trusted identity and secure transaction technologies that make those experiences reliable and secure. Solutions range from the physical world of financial cards, passports and ID cards to the digital realm of authentication, certificates and secure communications. Entrust Datacard Corporation entrustdatacard.com Todd Wilkinson President and Chief Executive Officer Cynthia Gibson Information Security Compliance Manager IT-CNP is information solution Provider Company which offers premier solutions to the US government. IT-CNP it-cnp.com Logsign is a next-generation Security Information and Event Management solution, primarily focused on security intelligence, log management, and easier compliance reporting. Logsign logsign.com Veysel Ataytur CEO Prey Software preyproject.com Carlos Yaconi CEO Prey lets you track & find your phone, laptop, or tablet. Seceon is an organization that enhances the way organizations recognize cyber threats with speed and accuracy, prevent damage using surgical containment, and predict insider attacks through behavioral threat detection modeling and machine learning. Seceon seceon.com Chandra Pandey founder and CEO SonicWall has been preventing cyber-crime for over 25 years, defending small- and medium-sized businesses and enterprises worldwide. SonicWall sonicwall.com Bill Conner President and CEO Ainsley Braun, Co-founder & CEO and Michael Borohovski Co-founder & CTO Tinfoil Security is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily. Tinfoil Security tinfoilsecurity.com

20. Avatier: Revolutionizing Digital Identity Security A relating to their personal identity as well as other data. The protection of this information is crucial to safeguard the individual’s identity. Avatier Corporation provides flexible identity management software and solutions that allow business users to construct an integrated framework for business digital identity is an individual’s online presence; it comprises information operations. Its identity management solutions require fewer login credentials but enable collaboration across and beyond business boundaries. As Avatier’s CEO, he keeps the company ahead of the competition by constantly seeking – and finding – ways to take the complex and make it simple. Nelson’s leadership fosters innovation, creative thinking, and documenting processes. Avatier has also created the world’s first Identity-as-a-Container (IDaaC) platform. This IDaaC combines the best of Identity-as-a-Service (IDaaS) and on-premises identity management offerings while delivering greater flexibility and control than hybrid identity management solutions. These factors have allowed him to develop a system where all non- revenue generating back office apps and employee assets can be managed as one system. Delivering Best-in-class Security Services Avatier’s primary vision is to accelerate the adoption of identity management. The company plans to accomplish this by providing organizations and their employees, partners, and customers with secure and easy access to applications, assets, and electronic forms. Avatier develops state-of-the art identity management platforms that enable organizations to scale faster, innovate quicker, conquer and embrace change, and to dominate competition worldwide. Its Identity Anywhere product brings Cloud services and employee assets together and allows organizations to manage them as one system. “ Our identity solutions empower C-Suite Executives to use a digital dashboard to run and manage their business.“ An Avidly Competitive Leader Nelson Cicchitto, the Chairman, Founder and CEO of Avatier established the company in 1997. Identity Anywhere Password Management is the world’s first self- service password reset system. It uses Docker container technology to run anywhere - on any Cloud, on premises, or on a private Cloud hosted by Avatier. Nelson spent 5 years leading the development of Chevron’s Common Operating Environment (COE) IT efforts. It was here that he recognized the pressing need to manage Microsoft NT and Exchange as one system. Access Governance is the most portable, scalable and the most 18 March 2018

21. secure solution in the market. It enables customers to conduct access certifications of IT audit from any device, see the list of audits due along with identity and access governance items which have not been reviewed, practice security and compliance management with the touch of a finger, and approve and revoke access. Identity Anywhere Single Sign-On (SSO) gives employees, partners and customers secure access to public and private web applications. Avatier SSO leverages existing groups, OU’s and users in the customer’s native directory to delegate web application access. With built-in SaaS licensing management, Cloud subscription costs can be cut by 30% or more. SSO integrates with Identity Anywhere Lifecycle management for automatic user provisioning and de-provisioning. Avatier is the only company which has the capability to provide solutions that adapt to the needs of the business user and allows them to deliver a unified framework for business processes across operations. Nelson Cicchitto Chairman, Founder & CEO Industry analysts and customers have indemnified that Avatier’s identity management and access governance solutions make the world’s largest organizations more secure and productive in the shortest time and at the lowest costs. problems on premises as traditional identity management providers. A Prolific Game-Plan Boasting a Global Clientele By moving its Identity Management solution from REST APIs to Docker containers and adding orchestration for auto-scaling, continuous delivery, and transparent load balancing, Avatier has become the only vendor that allows customers to place its solution on any Cloud. This also allows Avatier or any other vendor to take the same instance and host it for them as a managed solution. Avatier boasts a clientele of over 500 worldwide customers, ranging from the Global 100 to the smallest businesses, across a wide range of industries, technology to pharmaceuticals to even manufacturing. Avatier considers feedback from its customers one of its greatest sources of innovation and inspiration. “Customers become our strongest advocates and drive us to continuously evolve our offerings to be the most secure and scalable in the industry,” states Nelson. Avatier’s solutions incorporate the latest Docker container technology, are cloud agnostic, and may be hosted by Avatier, run on-premises, or on any provider’s Cloud. Container technology or Identity as a Container (IDaaC) provides the benefits of speedy deployment continuous delivery of cloud-only (IDaaS) providers but with greater control over your identity repository, maximum security and flexibility at the lowest total cost of ownership in the industry. The company even invites customers to serve on its customer advisory board where they have direct input into products in development at Avatier. By contrast, hybrid identity management providers that do not leverage container technology face the very same 19 March 2018

22. Code Dx: Practical Software Security Solutions T security vulnerabilities can be found by any one of them. Every detection technique has its advantages and disadvantages and such tools are mutually complementary; using them in conjunction creates a more comprehensive safety net. Code Dx, Inc. was founded on the principle that application vulnerability management should be an integral part of the software development process, and that can only happen if it is convenient and logical. This approach helps developers and security professionals make their Under her leadership, Code Dx has developed innovative application vulnerability correlation and management solutions that are breaking down barriers to using Application Security Testing (AST) tools and processes, and enabling organizations to protect against software vulnerabilities. here are many application security techniques available today, but not all software software as secure as possible using an integrated collection of open- source and commercial tools. Code Dx built its flagship product, Code Dx Enterprise, to combine and correlate different tools and techniques under one software vulnerability management system. The advantage is that one set of results are consolidated across tools, one user interface, one reporting function, and a central method for prioritizing and assigning vulnerabilities for remediation. Developers and security analysts can use these reports and Code Dx’s remediation guidance to coordinate and decide which vulnerabilities to fix first, and streamline the tracking of their remediation. Driven by the Word ‘Together’ While the industry is working hard to deliver powerful AST tools, Code Dx Enterprise is different because of its focus on making those tools work together to produce better, actionable results even faster and with less effort. Thus, customers see Code Dx Enterprise as a value multiplier for their existing AST investments. Code Dx Enterprise automatically configures and runs 15 different open-source AST tools directly from within the solution. When customers feed their code into Code Dx Enterprise, it automatically identifies the language, then selects and runs an appropriate set of open-source tools to find vulnerabilities in their code as well as third-party libraries, and then consolidates the results. Code Dx Enterprise also seamlessly integrates with a wide variety of the industry’s best commercial static, dynamic, and A Strong Leadership Foundation “ Anita D’Amico is the CEO of Code Dx. She has a unique background as a human factors psychologist, cybersecurity situational awareness specialist, and a security researcher. This exceptionally diverse background and Anita’s ability to develop a vision and fuel it with energy, good communication, and effective leadership has propelled Code Dx to where it is today. Secure your application in less time, with a smaller team, and ship faster. “ 20 March 2018

23. interactive AST tools. Merging open-source results with tools that they already know and like extends the value of their AppSec investment. Code Dx Enterprise also stands out with its seamless integration into the software development processes. It assimilates effortlessly with several integrated development environments (IDEs), build servers like Jenkins, and issue trackers like Jira. Code Dx has also made considerable effort in the past two years to be easily adopted into the DevOps process. Vulnerability Correlation and Management Solutions Code Dx fills a critical hole in the cybersecurity market with its software vulnerability correlation and management solutions. The company’s team of expert developers has created high-value software systems for demanding commercial and government customers, and they participate in complex cybersecurity research and development work for various government agencies. As a result, Code Dx understands the real-world challenges faced by software developers and security analysts in securing their software. Its team of tool developers and application security specialists is dedicated to providing the tools, techniques, and support needed by application developers to assure the security of their software products and services. The team’s emphasis is on building a safer software security supply chain. Code Dx’s collaboration with clients and government research sponsors over the year have given it the knowledge and expertise to build futuristic solutions in real-time, and provide top-notch customer service and support as well. Anita D’Amico CEO helping its customers to use its tools effectively. The company also advises them on how best to approach application security and build secure software in the development process. This comprehensive approach has enabled Code Dx to sustain and build upon its long-term global and regional partnerships. New Opportunities in Cybersecurity The security services sector will continue to grow as more people understand and accept that conducting business in the internet age is fraught with cybersecurity risks. However, Code Dx has also seen that enterprises are beginning to accept responsibility for ensuring their own security, and bringing many of the activities previously given to the service sector in-house. These evolutions are creating new opportunities for security service providers like Code Dx who are adapting to the new tools and supporting their application security needs to leverage their processes. Anita adds, “Code Dx Enterprise saves time and valuable resources needed to secure your applications, whether you are just getting started or have a mature application security practice, by streamlining software vulnerability management through all its phases: discovery, consolidation, triage, prioritization, and remediation.” Enduring Partnerships Code Dx is committed to providing the highest level of support to its customers, who mostly specialize in shipping software products but opt for security because it is important to those products and their clients who use them. Hence, Code Dx extends its support beyond just 21 March 2018

24. Entrust Datacard: Seamless Security Made Easy T very long ago. The shift from paper documents to embedded chips to digital identification is giving way to cloud technology that surpasses them all. Parallel advances are transforming the way we interact with each other and with our government, how we do business, and how we live in an increasingly interconnected world. he concept of digital identity has evolved to a point that was scarcely imaginable not group of companies one of those companies is Entrust Datacard. aspect of our lives as individuals, customers, employees, business entities and citizens. They are trusted by financial institutions, digital enterprises, and governments. A Pattern of Growth Entrust Datacard is not a newcomer to the field. Established in 1969, it has grown to employ over 2,200 staff spread over 37 locations across the globe, who deal with clients in over 150 countries. The company is headquartered in Shakopee, MN. Diverse Protection Our world may have shrunk with the advent of the digital age, but it also seems to have become a place where the threats to our safety, security and privacy have expanded. We live in a world of devices beyond computers to which we are constantly connected, and to which we entrust critical information. It began its journey as a provider of financial card personalization technology. Today, its products and solutions encompass virtually every This revolution is being driven, adapted and molded by a select “ Our solutions ranges from the physical world of financial cards, passports and ID cards to the digital realm of authentication, certificates and secure communications. “ 22 March 2018

25. Unfortunately, both individual devices and networks are vulnerable to attacks. These attacks compromise not just personal and private information but regularly result in losses that compromise far more than monetary possessions. It is here that Entrust Datacard has proven to be a trustworthy partner, not only for you and I, but for any business that has an online presence, and even national governments who need to maintain and oversee e-services and border controls. Accomplished Leadership The Entrust Datacard team is led by Todd Wilkinson, President and Chief Executive Officer since 2008. Prior to that, he spent three years as the company’s Chief Financial and Administrative Officer. Mr. Wilkinson oversaw the merger of the individual entities, Entrust and Datacard that created the Entrust Datacard brand in 2014. He managed the transition in a manner which accorded due recognition and respect to the constituent companies and their distinctive heritage, while integrating their technologies to create an organization capable of tackling the challenges of the digital era. Todd Wilkinson President & CEO His career before Entrust Datacard includes executive positions at General Electric and USG Corporation. Mr. Wilkinson’s alma mater is Northern Illinois University, from which he holds both a Bachelor of Science and a Master of Business Administration degree. 23 March 2018

26. Traits to Posses the Best Enterprise Security T IBM reported that more than a billion personal data was stolen and leaked in 2014 alone, which made it the highest recorded number in the last 18 years. Criminals are always a step ahead of the existing security systems. So companies should have best strategies and practices for enterprise security. he founders occasionally forget about implementing important fundamentals of security and start running after shining technology. The security budgets are limited, so they need to be sure about covering highest breach areas before moving onto other things. So how do we ensure to have the best security systems? It all has to do with having a solid foundation, which starts with these basic practices. Strong Firewalls Firewalls are the first line of defense for any enterprise. It basically controls the flow of the data and decides the direction of flow of data. The firewall keeps harmful files from breaching the network and compromising the assets. The traditional process for implementing firewalls is at the external perimeter of the network, but to include internal firewalls is the popular strategy. This is one of the best practices of companies by making it the second line of defense to keep unwanted and suspicious traffic away. Securing Router Routers are mainly used to control the flow of the network traffic. But routers do have security features too. Modern routers are full of security features like IDS/IPS functionality, quality service and traffic management tools and strong VPN data encryption features. But very few people use IPS features and firewall functions in their routers. To have improved security posture companies need to use all the security features of routers. Secured Email It is highly common to receive emails from the suspicious sources. The email is the main target for the criminals. An 86 percent of the emails in the world are spam. Even if the latest filters are able to remove most of the spam emails, companies should keep updating the current protocols. If the no, of spam emails are large, then it only means the company is at greater risk of getting malware. Updating Programs To make sure your computer patched and updated is a necessary step if you are going towards fully protected enterprise. If you can’t maintain it right, then updating already installed applications is an important step in enterprise security. No one 24 March 2018

27. Chalk Talk can create 100 percent perfect applications, but one can make changes accordingly trying to keep it with the pace. Thus, making sure your application is update will let you know the holes programmer has fixed. Securing Laptops and Mobiles You may wonder that why securing laptops and mobiles is in the list. But it is true that securing laptops and mobile phones that contain sensitive data of enterprises. Unlike desktop computers that are fixed, laptops and mobiles are portable and thus are at higher risk of being stolen. Making sure you have taken some extra steps to secure laptops and mobiles is as important as implementing strong firewalls. Encrypting laptops and mobiles with the help of softwares is a great tactic to be followed for secured enterprises. Wireless WPA2 This is the most obvious feature of all. If companies aren’t using WPA2 wireless security, then they need to start using it. Many methods of wireless security are insecure and can be compromised in minutes. If companies have wireless WPA2 installed, then it will be difficult to breach for criminals. Web Security Verizon Data Breach Investigations Report stated that the attacks against web applications in the recent years have increased at an alarming rate, with over 51 percent of the victims. Simple URL filtering is no longer sufficient, as attacks are becoming more frequent and complex. The features that need to be considered for web security systems are AV Scanning, IP reputation, Malware Scanning, and data leakage prevention function. A web security should have the ability to correctly scan the web traffic. Educating Employees Making sure that employees are educated about safe and online habits is as crucial as securing enterprise with top class anti virus and firewalls. Educating employees about what they are doing and how to be pre-defensive is more effective than expecting IT security staff to take steps later. Because protecting end users against themselves is the most difficult thing to do. So, employees must understand how important it is to keep company’s data safe and the measures they can take to protect it. While the world is approaching with more and more cyber theft and crimes, these simple and standard tools based foundation of enterprise security can protect the companies from such attacks. 25 March 2018

30. IT-CNP: The First Line of Defense for Mission-Critical Systems C cyberattacks are a new kind of plague st for the 21 century. In 2018, data breaches are a pervasive and ever-present fact of life. Cunning criminals can infiltrate electronic files from across a room, or across the globe, with nothing more than a laptop or access to an Internet of Things device, while barely raising their pulse. Government networks, specifically, are susceptible – not just from attackers, but also interconnectivity issues, hardware snafus, user error, and acts of God. omputer viruses, bugs – even the term “hack” suggests illness. With good reason: Meanwhile, governmental budgets continue to shrink, resources for critical protections continue to tighten, and a constantly evolving morass of regulations and standards make compliance a maddening prospect. Government agencies need a cure. For almost two decades, now, IT-CNP has provided an antidote. The Columbia, Maryland-based consulting firm was one of the first national providers of government- oriented, FISMA-compliant, FedRAMP certified cloud hosting in the country. It remains one of the only facilities nationwide that exclusively serves Federal, state, and local government agencies. Turnkey cloud solutions – including policy development, audits, compliance, forensics, analysis, and incident response – are offered through IT-CNP’s unique hosting division, GovDataHosting. Gibson previously provided multiple Department of Homeland Security agencies with risk assessment support. Today, she is responsible for the delivery of cybersecurity and security compliance services for IT-CNP’s portfolio of GovDataHosting cloud customers. Competition is at an all-time high when it comes to vying for government cloud contracts. The secret of IT-CNP’s success is simple: They’ve been doing it better, longer. “Our wealth of experience, garnered from multiple past performances, offers our new customers reassurance that their systems will be implemented with little to no risk,” Gibson said. Complemented by state-of-the-art datacenters and 100% uptime performance, GovDataHosting provides fully-managed cloud to a growing roster of government agencies representing industries from healthcare to defense, and beyond. “ We Help Secure America's Infrastructure. “By identifying vulnerabilities and implementing corrective measures, we reduce the risk of compromised systems, reinforce the integrity of agency data, and ensure policies and regulations are addressed consistently across all platforms,” said Information Security Compliance Manager,Cynthia Gibson. IT-CNP realizes that there is no room for error when hosting and managing these mission-critical systems in the cloud. That’s why all datacenters, related personnel, and customer data are located and monitored within American borders. Employees, too, undergo a criminal background check, while those working with sensitive “ 28 March 2018

31. information take part in a government-sponsored background investigation. “Protecting government systems is a tremendous responsibility,” Gibson said. “But we have continuously earned our customers’ trust with diligence and attention to detail. We face government cybersecurity challenges head- on, delivering comprehensive, innovative results on-time, within or under budget, and to our clients’ complete satisfaction.” Case in point: IT-CNP transitioned a military client from a government operated datacenter to a cloud datacenter of its own, meeting the complex requirements set forth by the Department of Defense. Immediate operational enhancement resulted, as well as a marked improvement for the Service Level Agreement’s turnaround time and modernization. IT-CNP also assisted with the transition of a Department of Health and Human Services data warehouse, evaluating, documenting, and authorizing Personally Identifiable Information (PII) and Protected Health Information (PHI) in accordance with FISMA and HIPAA regulations and ensuring that all systems adhered to the Federal government’s rigorous standards. The U.S. Department of Health and Human Services recently recognized such capabilities and experience by awarding IT-CNP with a Blanket Purchase Agreement to provide Next Generation IT Services application hosting, FedRAMP certified cloud, and associated managed services. Cynthia Gibson Information Security Compliance Manager The hope, said Gibson, is to provide a coast-to-coast presence, not only for civilian agencies, but also the Department of Defense. Two additional cloud datacenters are also in the works. “We’re proud to support the quickly evolving security needs of the Federal government,” said Gibson. “Being part of what it takes to protect America’s infrastructure is the reason IT-CNP and GovDataHosting were created, and we are committed to offering our customers nothing less than 100 percent satisfaction.” The award provides HHS operating divisions and offices with streamlined access to application hosting and cloud migration resources. IT-CNP’s services are similarly available on a number of pre-negotiated government contract vehicles, including GSA Schedule 70, Navy Seaport-E, and DHS-Eagle II. As a vendor of the U.S. Army ACCENT Program, GovDataHosting serves as a preferred application migration and cloud hosting provider for the entire Department of Defense, including DoD agencies, the Army, Navy, Air Force, and the Marine Corps. As the unique needs of the security services sector continue to evolve, IT-CNP has initiated plans to extend its cybersecurity solutions and FedRAMP cloud services into the south and southwestern parts of the country. 29 March 2018

32. Logsign: SOC Combined Next-Gen SIEM L Security Information and Event Management (SIEM) solutions provider. It unifies Security Intelligence, Log Management, and Compliance as applied in various industries. The company’s user-friendly platform has a smartly designed NoSQL and HDFS embedded architecture that ensures efficient storage, clustering, and rapid access to stored and live data. Actively providing services to more than 500 SMBs and governmental agencies, Logsign is working toward raising customers’ security awareness while establishing itself in the field of cybersecurity. ogsign, headquartered in California, was established in 2010 as an all-in-one This next-generation, all-in-one SIEM solutions provider is primarily focused on Security Intelligence, Log Management, and easier Compliance Reporting. Logsign unifies the view and monitoring of cloud and local data, increases awareness via smartly designed, security-oriented dashboards, and provides a clear understanding of machine data and enables reliable, actionable insights in real-time. Veysel always tries to maintain long- term relationship with his clients. This has helped Logsign grow organically while retaining a large share of the clientele it has worked with since its incorporation. “We believe that cybersecurity is a team effort that should continue seamlessly. We focus on customers’ needs and expectations, focus on that we are always on the same side,” asserts Veysel. Logsign’s core features are Log and Event Data Centralization, Event Mapping, Real-Time Correlation, and Historical and Real-Time Analysis. Logsign collects logs and event data comprehensively from sources such as firewalls, routers, IDS/IPS, network devices, Windows, Linux/Unix, databases, VMware ESX, mail servers, and web servers. He also reveals that their community of satisfied customers is growing every day as the team continues with its focus on delivering added value to them. A Real All-in-One Solution Logsign is a next-gen SIEM combined with a Security Orchestration, Automation, and Response (SOAR) system and healthcare services. With its well- designed architecture, it processes operational security of systems, thereby shortening incident response times, improving team efficiency, and decreasing the number of repetitive tasks and false-positives. Effective and Focused Leadership Veysel Ataytur, CEO of Logsign, is an Electronics and Communications Engineer with vast experience in the cybersecurity industry. His in-depth knowledge of, and experience in product management and product marketing to cybersecurity service providers and partners have contributed significantly to the success of Logsign. He is primarily responsible for the business operations, sales, and marketing of the company. “ Cybersecurity is teamwork and security products have to be much smarter. The system also enables automatic responses and detection of indicators via API integrations. “ Logsign also ensures control over both IT and OT infrastructures to prevent attacks before they occur via 30 March 2018

33. its comprehensive SOC solutions. It helps enterprises and SMBs improve their information security processes and procedures, and to review and create new ones in real-time. The company strives to continuously improve security procedures, remediation, and monitoring operations by learning and adapting with every incident. Human-Oriented Solutions Logsign’s user-friendly platform is backed by a diligent technical support team that provides customers a comprehensive, reliable SIEM solution at an affordable price. Logsign also helps enterprises and SMBs to improve and remedy their information security processes and procedures. “We believe that solutions should have a well-designed UX and be human-oriented. SOCs are where technology and humans meet. Security professionals in every line should work more efficiently, effectively, and happily,” says Vessel. Veysel Ataytur CEO Logsign has provided its solutions to more than 500 enterprises. Some of the most prominent names among them are Deloitte, Migros Global Retail Chain, Simit Sarayi Global Food Chain, BMC, Cardtek, Ford Otosan, Benetton and Penti. Besides these major brands, Logsign products are also employed by many universities and colleges, hotels, and insurance firms. human, human to machine, and machine to machine interactions. “Our sophisticated and ever-evolving view of threat lifecycle management and collaboration is our strength. Aiming team leaders and executives, to improve efficiency and diminish worries that systems are on. Security analysts working at SOCs are also in our target to help them work easily,” states the team in one voice. Industry Outlook The number of cyber-attacks against individuals, organizations and governmental agencies is increasing by the day. As was the case in 2017, phishing attacks, ransomware, and exploits show strong trends in 2018. IoT and SCADA Security have gained an increasing popularity. Security professional talent shortage, numerous attacks, repetitive tasks and alerts, etc. can be though as a part of a puzzle, it’s a big challenge. To tackle all such threats, Logsign focuses on ‘Orchestration, Early Detection, Automation, and Response’. Using this point of view, Cybersecurity does not just mean security devices, systems should be monitored, recovered, and improved. Logsign’s next-gen SIEM is being developed to help improve human to 31 March 2018

34. MSP in your The Role of an Cloud Stratergy I have to take a serious look at their cloud strategy and make sure it's aligned to their business goals. Whether these goals are to increase operational efficiency, drive new revenue streams, improve customer service or disrupt the market, there are key principles I advise businesses to follow. Working with a Managed Service Provider with strong credentials in security can help you to lock down any potential vulnerabilities in your network. Firstly, upskilling your internal IT team to manage the migration can be a real challenge when the skills required are fundamentally different to those of a traditional IT team. Furthermore, it can be risky to divert your team away from managing business critical IT infrastructure to plan and implement a cloud migration strategy. This can be a very significant undertaking, and one that often makes sense to outsource to an MSP with the specialist skills you don’t have in-house. n my experience, when businesses are looking to fundamentally transform the way they work, they If you decide that working with a Managed Service Provider is right for your business, look for a partner with demonstrable expertise in architecting, implementing and managing cloud- based network infrastructures and applications that can flex with your business. They should also offer a security portfolio that supports both public internet and private networking environments. The approach you take will depend on what stage your business is at. A cloud first strategy is appropriate if you have the flexibility to move your core business applications to the cloud because you’re a new business or you’re not encumbered by legacy infrastructure. A hybrid approach works if you have a clear plan on which applications you feel comfortable moving to the cloud, versus those you’d prefer to keep within your own private network or at a data centre. Many businesses will need to redesign their legacy networks and infrastructure to support this migration, which can be complex. For example, data that was previously routed via a private network to head office, may now be serviced via the internet, which creates a big shift in data and networking requirements. Many IT decision makers come unstuck when they select service providers who don’t invest enough in cutting-edge technology. Even though IT services are often viewed as a commodity, working with a partner who can predict where the market is going can really help to transform your business. Another big decision is which technology provider to go with. With so many options available it can be challenging to decide which one is right for your business. For example, do you go with Microsoft Azure, Amazon Web Services (AWS) or a mix of the two? It’s easy to get distracted by service features, so it’s important to keep focused on the business outcomes you’re trying to achieve when going through the vendor selection process. There’s nothing worse than investing time and money in technology that becomes obsolete. Work with someone who has a strong reputation in delivering market leading technology in data centres, data security and cloud based services. If you’re at an early stage in your cloud strategy and are still getting to grips with the options available, it can help to work with a managed service provider who will map out the most appropriate migration path based on what you’re trying to achieve. The right MSP will be much more than a supplier. They’ll be an extension to your IT team; a true partner who’s committed to delivering outcomes and is happy to share the risk of the Irrespective of what stage you’re at, there are challenges that most businesses face as they journey to the cloud. With all the benefits that the cloud offers in terms of cost savings, agility and innovation, it can also expose your business to increased security threats. 32 March 2018

35. Mentor’s Role About The Author As the CEO of Enablis Pty Ltd, Jon leads a passionate and focused team delivering Managed IT Communication and Cloud Services to mid-sized organizations in Australia and New Zealand. A 25-year industry ICT veteran, in 2006 Jon founded the Australian business for Sirocom Ltd, a leading UK Managed Virtual network operator (MVNO) that later became Azzurri Communications Pty Ltd. Eleven years on, John has grown Enablis, the Australian division of Azzurri Communications, from one employee to over 50 employees with offices in Sydney and Melbourne. His zeal and vision to deliver smarter ways for organizations to procure and operate complex communication estates coupled with his experience in leading and driving a strong business culture focused on doing “right by the customer” have resulted in Enablis winning multiple industry awards for growth and service quality every year for the past six years. Jon Evans CEO Enablis Pty Ltd Working with an MSP who speaks your language is vital. This means that they should know your industry and ideally, already have customers in your sector. Even though every business is unique, there’s a lot to be said for working with service providers who understand your business objectives and the risk profile you’re trying to manage. Prior to Enablis, Jon held Senior Partner roles at major carriers such as Verizon and Optus where he helped develop and grow key integrator relationships in Europe, and later on, in Australia. Before that, he worked at Cabletron and 3Com. Jon has sat on and assisted in technology steering panels at St Vincent de Paul. He has a passion for helping and getting involved in raising awareness and donations for a number of charities focused on homelessness and under privileged youth. In my experience, IT budgets are generally flat or falling, whereas demand for high priority strategic projects such as migrating to the cloud, is only increasing. This means that IT decision makers are often under increasing pressure to achieve more with less. Work with an MSP who can help you deploy your budget and resources more effectively; who can build a business case for you and back it up with hard numbers. Ultimately, they need to convince you and the rest of the business that a cloud strategy is going to deliver measurable improvements to your business before you bring them on board. technology deployment. Much like any relationship, a good partnership is based on chemistry, transparency, shared goals and mutual respect. Most importantly, you need to be certain they’ve got your back. 33 March 2018

38. Prey Software: Helping Clients Track and Find their Phones, Tablets, and Laptops W we want to listen to a song, store data, or even when we want to buy some stuff for our household needs, we turn towards the internet to fulfill our needs. The web world even possesses the ability to store identification data including fingerprints, iris scan and others. But thanks to attackers, nowadays, most of our data is up for sale, most definitely on the dark web. Shockingly our whole online identity into an evidence gathering machine. The platform generates reports with pictures, location, nearby WiFi networks, hardware changes, and more data critical to the retrieval of a device. e, as humans, are completely dependent upon the internet. When can be bought for as low as $1,170. This includes accounts and data from 11 different groups; from online shopping to entertainment services, to personal finances accounts and data categorized as proof of identity. A Massively Experienced Leader Carlos Yaconi, Prey’s Founder and CEO, kick-started the project’s global expansion and evolution together with the initial founder of the Linux application Tomás Pollak. This partnership took Prey to a worldwide release in 2010, which quickly escalated becoming the first global multi-platform anti-theft app. Enter Prey Software asa multi- platform anti-theft management solution that helps businesses keep their mobile device fleets and data secure. This is done through a mixture of Anti-Theft and device management tools. In a nutshell, Prey consists of two parts. The agent, installed on laptops, phones, and tablets, and the panel. Once its client’s fleet is covered with the agent, everything is managed online through the website’s panel, to which the user signs in. Carlos studied Computer Science and Information Technology at Universidad Diego Portales and is an innovation graduate of Universidad del Desarrollo. His work as an entrepreneur goes further back, having founded two prior companies: Nectia, software developer company, and Bizware, a database service provider. In his spare time, you can usually find Carlos training as a ‘work in progress’ guitarist or listening to Pink Floyd. “ Tracking devices is easy, we take gathering evidence to another level. There users can organize the fleet by labels, setup Control Zones (geofencing) to monitor movement on areas where devices should enter or shouldn’t exit and track their location globally to keep an eye on all assets. “ If something goes wrong, the user will activate Prey’s tracking mode, or ‘MISSING mode’, which turns Prey Tackling the Competition Currently, Prey is working on its 36 March 2018

39. user-focused development. Its offer and its features are constantly being developed for the user specific needs, making way for a sturdier product. The core of this concept is to adapt and grow Prey’s solutions to real needs, with prior knowledge that ensures the features are a result of an issue, not the other way around. Prey’s clients have a direct line to the support team, which is prompt and ready to tackle any challenges and to guide the client’s experience across the platform. Great value on Prey’s support comes from a combination of active relationships with its customers, and quick assistance from the developers, which give user-fixes a high priority. However, that’s not the end of it. To enrich this relationship, the company shares its advice on security with them, Prey also assists its clients when facing threats, and keeps an open line for any suggestions they could need security-wise. A Pioneer Against Technology and Gadget Theft In the very beginning, Prey pioneered this fight against technology and gadget theft, before services like ‘Find my iPhone’ even existed, and even today the organization is witnessing the great bond it created between itself and the public. Carlos Yaconi CEO challenge the security industry. The lack of security standards among these devices provides a challenge, especially when one needs to integrate them to a network without making it vulnerable. Furthermore, IoT will clash with IT’s current headache: Bring Your Own Device (BYOD) control and policies. When combined, both issues can escalate the need for a controlling filter. What’s more, theft is a problem that’s tough to beat, and nobody likes to feel helpless against it. That’s where Prey comes-in for aid. The difference is that it does so but not by taking the load and becoming the hero, quite the opposite actually; Prey looks to empower its users by giving them the tools they need to become the hero. With this in mind, Prey has many challenges to focus upon. Currently, the organization is investigating on the subject to understand the scope of the security issue, and how an integrative platform could aid mobile device security and management to cover the lack of protocols and standards. This great user-developer relationship pushes the company forward constantly with new problems to tackle, and new opportunities to provide the help users need. Securing Devices for the Internet of Things There’s a great topic, security services should keep an eye on for at least a couple of years: IoT, or the Internet of Things. Mobile environments are currently hyper- connected, but with IoT, this is growing exponentially to the point where connectable devices will come in all shapes and sizes, with extremely different utilities and little regulation. How Prey secures these IoT devices, and the environments they generate, are concerns that currently 37 March 2018

40. Seceon: Cybersecurity Done RIGHT W internet to some degree. Unfortunately, this ubiquitous relationship with the online realm is an increasingly attractive target for individuals and groups with ill intent. He has also held senior leadership roles at Juniper Networks, Internet Photonics, Lucent and 3Com. Chandra is an inspirational leader who empowers his team to take on the continuously-evolving cybersecurity challenges businesses face, creating a new market category in the process. e live in a world where almost every facet of our lives is connected to the Its innovative Open Threat Management (OTM) Platform gives MSSPs and Enterprises the ability to detect, contain and eliminate all known and unknown threats in real-time. The platform uses patent-pending predictive analytics, machine learning, and dynamic threat models to automatically generate threat alerts in real-time, giving IT teams the capacity to respond before critical data is extracted and damage is done. Seceon’s OTM Platform proactively closes the threat loop. It is the industry’s first and only fully- automated, real-time threat detection and remediation system. From the very start, Pandey knew that he needed talented individuals with passion and drive to create the OTM Platform. His solution was to hire some of the best minds in every field Seceon would be involved - Machine Leaning, AI, BIG Data Platform, Networking, Security Modeling and User Experience. Cyber attacks have become one of the biggest nuisances and most potent threats that individuals, organizations and governments have to contend with today. Into this scenario comes Seceon, a company focused on empowering organizations to recognize cyber threats clearly and quickly, prevent damage using surgical containment, and to predict insider attacks through behavioral threat detection modeling and machine learning. A Laser Focus An Expert Leader The Seceon team finds its focus from the company’s motto, “Cybersecurity Done Right.” It provides Comprehensive Visibility: Real-time visualization of all services, applications, users and hosts and their interactions; Proactive Threat Detection: Detection of known and unknown threats; Automatic Real-Time Threat Remediation: Elimination and containment of threats in real-time; and Reporting and Compliance: Assistance for HIPPA, GDPR, PCI-DSS, NIST, and ISO with real-time monitoring. Chandra Pandey is the Founder and CEO of Seceon. He is an expert in data center architecture and highly scalable network solutions, and a proven business leader with more than 20 years of experience developing and marketing innovative technology solutions. Before founding Seceon, he was the General Manager and Vice President of Platform Solutions at BTI Systems. He led a global team through the creation, development and launch of Intelligent Secure Cloud Connect Platform to more than twenty Web 2.0-focused customer deployments in less than 18 months. “ We are laser focused on detecting and eradicating cyber security threats in real-time. “ According to Seceon, there is no other platform in the industry which currently has these capabilities, but it acknowledges that others will soon 38 March 2018

41. follow its lead. Hence, the company works closely with partners and customers to maintain its advantage and continue to deliver the innovative and effective cybersecurity solutions for which it is known. Seceon’s platform is unique in its ability to handle millions of inputs from logs and flows and correlating them into actionable alerts. Organizations can choose to program automatic responses to these alerts or opt for single-touch human intervention. Because of its ability to scale at speed, the platform can process data in real-time, updating and activating these models within minutes through advanced correlation with intelligent application of machine learning and AI with actionable intelligence. The organization’s in-memory, fast analytics processing enables a more global approach, ingesting and analyzing data in real-time while correlating it with information about existing threats and zero-day exploits. In this way, it delivers prioritized threat alerts to IT/security analysts or MSSP SOC staff. Chandra Pandey Founder & CEO MSSPs expect to be able to monetize this with value added service offerings. Bright Days Ahead As the world becomes more connected and system complexity increases, cybersecurity platforms will have to contend with increasingly sophisticated attacks. Attackers have access to more computing power and have developed the ability to go after businesses of any size, but focus particularly on small- and medium-sized enterprises that are not as well protected. Traditional solutions and services from large vendors can neither combat this increasing sophistication of cyber threats nor could detect between perimeter and endpoints to the required level. Empowering Partners to be Successful Being 100% channel-driven, Seceon puts significant emphasis on its relationship with clients. The company’s goal is to empower them to be successful so they can dominate their respective niches. Over time, Seceon has learnt how to better identify partners that are equally vested in the goals it is trying to accomplish. In that respect, Seceon constantly uses feedback from its partners to improve its processes, sharpen communications, and simplify onboarding. This enhances the entire partner experience from introduction to demo to trial to training and, finally, to implementation. Seceon’s MSSP program is aimed at channel partners delivering managed security services to Fortune 5000 organizations and SMBs. OTM was built using dynamic threat model engines, machine learning engines, and proprietary predictive and behavioral analytics, to provide what Seceon refers to as a virtual SOC. MSSPs partner with Seceon because its system reduces the number of alerts per client and makes available the right information when an alert is processed; both factors reduce costs. There is also the competitive advantage of being able to provide increased business assurance to clients by detecting threats earlier and warding off attacks. For cybersecurity solutions to be successful in these environments, it is critical that they run in real-time and have the ability to take immediate action to eliminate problems. Visualization, speed and scalability are must- have characteristics of an effective system. Seceon’s platform runs in real-time, has the ability to view the entire system, and can be applied by enterprises of any size. Seceon will continue to innovate and expand its platform, investing in an approach that brings together machine learning and an SaaS model, to stay one step ahead of the challenges of the future. 39 March 2018

42. Controlling Possible Threats T he rise in cyber-crimes is one of the main causes of Data center outages. As per the recent survey conducted by industry insiders, cyber-crime caused 22 percent data center outages in 2015 opposed to 2 percent outages in 2010. Adding to all these, now most of the data centers are re-evaluating their security policies after the recent WannaCry ransomware attack. Data center outages cause companies to loss revenue in many ways. However, the costliest loss is service interruption and loss of IT productivity. So, the organizations are now realizing that traditional security is no longer secure enough to secure any data center. A recent study has found that 83 percent of traffic travels east/west within the data center, which stays undetected by the 40 March 2018

43. Editor’s Pick perimeter security. In this environment, when an attacker infiltrates the perimeter firewall, then can jump across the system with ease, extract information and compromise valuable data. Additionally, data centers can fail due to trespassers or a terrorist attack or by natural calamities. additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to safeguard the employees and the data center. Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other than administrative purposes for better security. So, how can one secure a data center in the best way possible from any kind of cyber threat? Don’t worry we’ve got you covered, with the points below. As the first step, one should Map the Data Center and flag the hackers within the virtual and physical infrastructure. The CSOs and CIOs with a system map of their systems can react to any suspicious activity and take steps to stop data breaches. Being able to visualize different traffic patterns within a network helps to understand threats, that eventually elevates the level of security. A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked thoroughly. Understanding and measurement of traffic flow within the data center boundary are very important. In the case of any interruption in traffic across east/west vs north/south, protected vs unprotected one can get to know about a threat. Additionally, vulnerable zones and unprotected traffic need to be monitored for a better result. Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit the impact of a terrorist attack. Firewall rules need to be defined and implemented as per requirements. Additionally, one should allow traffic only after thorough verification and selectively allow communication to ensure maximum protection. The key is to identify, what;s legal and secured and what can be blocked to enhance security. Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance footage helps when it comes to securing a data center. One needs to Build a Team with executives who understand how traffic flows within the premises and can access & secure information, take necessary measures to secure important assets along with the implementation of roadblocks for the attackers. Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters. Security must move as fast as a data center’s technology adoption and integration. Security Strategy Should Change Alongside the Technology and it should not be treated as an add-on option. Additionally, businesses also should ensure that their virus protection, signatures other protection features are up to date for better protection. Businesses should Identify and Place Controls over high- value assets, which will help to reduce risk. However, older security solutions are completely blind to new threats, new security companies have produced latest solutions that protect data in the virtual world. To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with lesser outages. Access Restriction also needs to be imposed. Every business should thoroughly check a person’s background before giving the access to a prized possession. Access to the main site and the loading bay must be limited, 41 March 2018

44. Omnichannel Agent and Customer Engagement Solutions Simplify and personalize the customer experience, empower agents and achieve business success with one workspace for all channel interactions, application integrations, and CX reporting.

46. SonicWall: A Security Center that Delivers Real-Time Cyber Attack Data N professionals exist in an increasingly complex world. As the cyber threat landscape evolves, a new cyber arms race has broken out that places organizations and their security solutions in the crosshairs of a growing global criminal industry. Cyber criminals are increasingly turning to highly-effective, advanced cyber weapons such as ransomware, infostealers, IoT exploits and TLS/SSL encrypted attacks to target organizations of all sizes around the world. Conner’s leadership, SonicWall surpassed financial and operational goals, delivering. Ÿ Record partner registrations of more than 18,000 global channel partners with 5,000 new partners Ÿ Strong pipeline growth with over $330M in new partner deal registrations Ÿ Key service improvements with 80% reduction in wait times Ÿ A new global marketing campaign Ÿ Record new product releases owadays cybersecurity is more important than ever for every business. Cybersecurity SonicWall provides small- and medium-sized businesses and enterprises worldwide with real-time breach detection and prevention solutions. Its security solutions help organizations run more effectively and securely in today’s risky cyber landscape. The company regularly updates its product to provide several layers of defense against cyber threat trends identified by the SonicWall Capture Labs Threat Research Team. Exclusive Array of Services Most firms offer the products of companies with which they partner as the best solution for all their clients. At SonicWall, the expertise of their consultants is their largest asset, allowing them to offer the very best solution to their client. The company’s industry-specific solutions include: Ÿ SonicWall Next-Generation Firewalls: When the Capture Labs threat researchers noted a rise in malware hiding within SSL/TLS encryption to evade firewalls, they developed a broad range of next- generation firewalls that can inspect SSL/TLS-encrypted traffic without slowing network performance. The Experienced Leader With a career across high-tech industries spanning more than 30 years, Bill Conner, President and CEO of SonicWall, is a corporate turn- around expert and global leader in security, data and infrastructure. He began his leadership tenure with SonicWall when the company broke off from Dell in November 2016. Conner has a bachelor’s degree in mechanical engineering from Princeton University, and an MBA from the Wharton School of the University of Pennsylvania. A staunch supporter of public-private cybersecurity partnerships, Conner regularly shares his expertise with global financial, enterprise and government leaders. He has introduced a clear plan for strengthening SonicWall’s distribution channel and improving its rate of innovation. This strategy has helped the company exceed every growth goal it set for itself. Within one year under The Inception Story Headquartered in Milpitas, CA, SonicWall was founded in 1991. The company wants to help organizations protect their networks and sensitive data from advanced cyber-attacks. “ In the cyber arms race, knowledge is our most powerful weapon. Capture Advanced Threat Protection (ATP) Service: In response to the growing number of advanced persistent threats, SonicWall introduced the Capture Advanced Threat Protection (ATP) service; a cloud-based, multi- engine sandbox designed to discover and stop unknown, zero- day attacks at the gateway and Ÿ “ 44 March 2018

47. provide automated remediation. Capture Cloud Real-Time Deep Memory Inspection TM (RTDMI ): To help customers identify and mitigate deceptive memory-based threats and future Meltdown exploits, they unveiled the patent-pending SonicWall Capture Cloud Real-Time Deep Memory Inspection TM (RTDMI ) in February 2018. Ÿ SonicWall Secure Mobile Access (SMA) Appliances: To help companies with mobile workforces keep their hybrid IT environments secure while providing a consistent experience for authorized users, SonicWall released its Secure Mobile Access (SMA) appliances that provide granular, single sign-on (SSO) access control; context-aware authorization; file inspection in a multi-engine cloud sandbox; and easy integration with enterprise mobility management solutions. Ÿ Bill Conner President & CEO SonicWall Email Security: Designed to make secure and compliant email access easier, SonicWall Email Security is a next-generation email security platform that scans a wide range of email attachment types, then analyzes them in a cloud-based, multi-engine sandbox and blocks suspicious attachments until they are reviewed by an authorized administrator. Ÿ This success was supported by the launch of SonicWall University, a role-based training and enablement resource for partners and employees. Attracting Customers toSonicWall To empower and educate their partners, SonicWall ensures each customer has a one-to-one relationship with a cyber- security expert. They recently launched a Customer Support Portal with omni-channel service capabilities. The customer service department shares the feedback and insights customers provide with the appropriate lines of business within SonicWall to drive improvements in training, communication and product development. As a result of these and other efforts, customers consistently rate SonicWall support agents above 89 percent for responsiveness, technical knowledge, and professionalism. They also report an 85 percent self-service success rate. A Unique Approach SonicWall thrives on a culture of open information sharing. This ranges from the real-time alerts and threat information shared by Capture Labs, to the customer service team’s systemized sharing of feedback with other lines of business, to the ongoing education of partners and employees through SonicWall University, to CEO Bill Conner’s leadership on cybersecurity trends and legislation. The company believes that only by having a real-time understanding of the cyber threat landscape can one develop and implement best practices and innovative solutions that work. Future Endeavors As a company that bases its product strategy on a data- based understanding of the next wave of cyber threats, SonicWall is well-positioned to help customers weather them. They have already started seeing more companies implementing advanced threat protection solutions, SSL/TLS inspection capabilities in firewalls, and solutions geared toward stopping memory-based exploits. SonicWall hopes to also see more widespread sharing of information across the industry. Many victims still fear being stigmatized if they reveal they have been breached, but sharing this information can help ensure that other Distinctive Strategies for Success SonicWall’s independent status has given them the ability to move swiftly on intelligence gathered by the Capture Labs Threat Network. This allows them to innovate and release products and services that are unique to the industry, and these have already proven themselves in the field by protecting customers against threats ranging from ransomware to Meltdown. It is not only SonicWall’s innovative products that set it apart from the competition, but their distribution strategy, too. SonicWall moved to a 100-percent channel distribution model and launched the SecureFirst Partner Program, which quickly accumulated $330 million in revenue and more than 18,000 global partners in 150 countries. 45 March 2018

48. Tinfoil Security Incorporating Security into your Development and DevOps Workflow T extensive backgrounds in security across many organizations around the globe. The organization builds cybersecurity solutions which scale, for large enterprise companies. It streamlines the client’s security needs with tools that easily integrate into any DevOps process or SDLC. Tinfoil’s technology empowers its clients’ DevOps and development teams to become the critical first line of defense, thereby increasing bandwidth for security teams to prioritize and enhance more strategic security initiatives. infoil Security has a founding team of MIT and intelligence community alumni, with Tinfoil Security’s enterprise offerings include access to a multitude of tools that help integrate security into its clients’ DevOps process. have helped the organization create a superior product that is on the cutting- edge of today’s cybersecurity needs. Michael is phenomenal at starting and building relationships with anyone he meets and has played an integral role in growing and closing the Tinfoil Security sales pipeline as well. His pure passion and deep knowledge of the cyber security industry has allowed him to often play the trusted advisor role for Tinfoil Security’s customers, who lean on him for direction and advice for protecting their sites and IP. When Two Undisputed Leaders Took Charge Back in 2011, Tinfoil Security was founded by Ainsley Braun and Michael Borohovski. Since its launch, the organization has provided security solutions to numerous customers, ranging in size from SMBs to the Fortune 100. Ainsley is the CEO of the company and makes sure to instill a company culture that prides itself on community and giving back. This is reflected in the contributions made by its engineering team to open source their code, whenever possible, to the global community in the battle for cybersecurity. Ainsley realized that she wanted to be a leader and innovator in the cybersecurity industry during her time consulting with Booz Allen Hamilton, where she worked upon graduating from MIT. As a member of their Strategic Technology and Innovation division, she has worked primarily with United States Department of Defense (DoD) clients. Michael serves as the CTO of the organization. His technical abilities Ground Breaking Products Tinfoil Security currently offers two products; Web Scanner and API Scanner. WEB SCANNER: Tinfoil Security knows most CISOs at enterprise companies deplore their current security solutions or are just too jaded to even deal with third party integrators, especially for scanning web applications. Tinfoil checks for over 70 classifications of vulnerabilities, including the OWASP Top 10 Web Application Security Risks, and is always adding more as new zero-day vulnerabilities are discovered. The product scans each time a new version a customer’s site is deployed, and can also log into any Ÿ “ We're a team of experts with extensive backgrounds in security across many organizations. “ 46 March 2018

49. website, including SAML / Single Sign-On authenticated sites. Ÿ API SCANNER: The Tinfoil Security API Scanner is able to detect vulnerabilities in almost any API, including web-connected devices such as mobile backend servers, IoT devices, and web services. The few tools that are currently available lack coverage depth in API security or are focused on acting as a firewall or unintelligent fuzzer. Vulnerabilities focused on authorization and access control concerns, or even web- like vulnerabilities like XSS, manifest in different ways and with different exploitation vectors than they do for web applications, and the Tinfoil Security API Scanner takes that into account. Tackling Uneven Roads In the early years, Tinfoil was focused exclusively on SMBs, because of it being an underserved market which sorely needed help with their application security tooling and process. As the company grew and gained SMB market share, it discovered that enterprise organizations actually had very similar problems and lacked solutions to bridge the gap between the vastly increased speed of development and their relatively smaller security teams. The organization quickly realized that in order to steer Tinfoil Security in the direction of becoming a globally competitive player in this space, it had to switch its focus into the enterprise. This strategy led the company well into profitability, while still maintaining, supporting, and selling to tens of thousands of customers in the SMB market. Michael Borohovski Co-founder & CTO Ainsley Braun Co-founder & CEO patent-pending technology. Built from the ground up, Tinfoil provides an integral, fully developed tool that CISOs can use to bring their developers and DevOps teams into their cybersecurity strategy to build highly secure products, easing their burden and increasing efficiency. This is in contrast to the few competitive solutions that take web scanners and have jury-rigged them to act as an API scanner, lacking coverage depth in API security. The only other options are those focused on acting as a firewall or unintelligent fuzzer. Tinfoil, instead, focused on solving the problem as its own problem, rather than rehashing what it already knew. Tinfoil Security works continuously to improve the state for the industry’s tools in combating attackers around the world. The profitability turnover was in large part due to Tinfoil’s ability to adapt and implement an innovative strategy, while leading with an agile sales and operations process within the firm. The organization made sure to keep track of and provide superior support to each and every customer, even as they reached the tens of thousands. Through this involvement with customers, the company designed its product for better UI and UX functionality, making it seamless, integrated, and usable for DevOps teams. Future Roadmap Tinfoil Security has just launched its API Scanner, and will be focusing on educating CISOs on Tinfoil Security’s 47 March 2018