Amir Kanaan, Managing Director for the Middle East, Turkey and Africa at Kaspersky, outlines how their operations have evolved, the impact of threat intelligence and the importance of SOCs.
Tell us about Kaspersky’s operations in the Middle East.
We have had our operations in the Middle East for over 15 years and are celebrating our 25th anniversary this year. Earlier this year, we opened a new office in Saudi Arabia, which adds to our ever-expanding network and is a milestone in our roadmap to protect over 400 million users and 240,000 corporate clients worldwide. With a quarter of a century of experience, we continue to work closely with major government entities and key industries in the region doing what we do best – protecting our customers and what they value the most. To date, we have tracked the activities of over 900 APT groups and collected over 1 billion malware files.
To illustrate our success in numbers, we have had steady growth in our Middle East business throughout the past years. The first half of 2022 showed an 8% YoY growth and we aim to continue this streak of success in the region.
Digital transformation raises the stakes for IT security. This basically means moving your IT security strategy to a new level. How does Kaspersky’s Threat Intelligence step in to help organisations stay ahead of cyberthreats?
APT groups are extremely smart and well-equipped to infiltrate any device or network to achieve their motives. They are also quick to exploit vulnerabilities in new technologies. For example, IoT has fast become a key driver of digital transformation and is crucial within today’s smart city infrastructure. The Mirai botnet used enterprise-class IoT devices to launch a massive DDoS attack that had dire financial and reputational consequences. APT groups also rely on smart social engineering techniques to infiltrate their victims. The only way to stay ahead of the threats is by understanding them and preparing accordingly. For example, an airline company in the Middle East using our Threat Intelligence can have access to insights on APTs targeting other airlines in the region and worldwide to understand the criminals’ motives and techniques and build a cybersecurity strategy that is resilient.
Our research team is an elite group of more than 40 security experts, specialised in tracking and studying the activity of APT groups around the world. Our regional researchers are currently monitoring 29 groups in the Middle East and have issued hundreds of reports sharing expertise and insights on their operations.
Kaspersky has created a concept for designing IT systems with “innate” immunity, called the Cyber Immune approach. How do you implement this and ensure that IT systems are innately secure?
Whether it is industrial plants, energy facilities, cars or smart city systems, critical infrastructure cannot afford to have operations disrupted as this could affect people’s lives. Although the cybersecurity industry is creating more security technologies, it is often merely playing catch-up with the attackers. So, Kaspersky decided to reinvent cybersecurity and coin the term “Cyber Immunity”, a way to develop IT systems with innate protection. Kaspersky’s Cyber Immune approach is a means to create solutions that are virtually impossible to compromise and that minimise the number of potential vulnerabilities. Think of it as cybersecurity at the core, rather than being required to add additional layers of protection at a later stage.
We believe that Cyber Immunity is the future of cybersecurity. Our Cyber Immune operating system, KasperskyOS, along with a special development methodology lets developers create Cyber Immune solutions. It provides the interfaces, mechanisms and tools, while the methodology requires organisations to clearly define security objectives and the conditions in which an IT system will operate.
We’ve already launched products based on KasperskyOS. We recently launched the Kaspersky IoT Secure Gateway 1000, which is a Cyber Immune solution. Kaspersky IoT Secure Gateway 1000 is designed to serve as a secure gateway for the Internet of Things in an enterprise network.
Traditional approaches to security are no longer enough. Today, a holistic approach is necessary to stay ahead of the fast-growing threat landscape. How much of this is actually implemented in businesses in the region? What are they lacking?
Organisations are investing in a holistic cybersecurity approach. However, we are seeing a shortage of holistic cybersecurity approaches backed by strong expertise, which in the long run will always be a liability.
As compared to other global economies, our region is no exception to the dearth of talent in cybersecurity, more so in critical infrastructure industries like energy, transport, oil & gas and so on. 66% of organisations have faced significant security staffing challenges. We want to reduce this percentage, if not make it irrelevant. To do so, we work closely with various government entities and universities to train, teach and hone new and existing talent.
To combat the lack of security skills, we also offer our Managed Detection and Response to organisations. Through this, organisations can get access to our experts round the clock, and can expect individually tailored ongoing detection, prioritisation, investigation and swift response to incidents.
Awareness is the first step to effective cybersecurity. How much awareness is there among organisations in the region about the growing importance of fool-proof security practices? Also, how do you view the training and capacity building capabilities available in the region?
We at Kaspersky absolutely agree that awareness is the first step to effective cybersecurity. But organisations fail to understand that awareness is not a “one-off” thing, but an ongoing process. The majority of cyber-incidents are caused by human error because it takes only one click on the wrong link to let cybercriminals inside an organisation. A cybersafe workplace culture implemented at all levels in an organisation, from the boardroom to the workforce, has the potential to defend against attacks.
We understand that people are generally not motivated to change their habits, and sometimes educational efforts turn into an empty formality. This is why using our insights, expertise and training techniques, we have designed a continuous learning approach that can help the staff play their part in the overall cyber safety of the organisation. Our Kaspersky Automated Security Awareness Platform (ASAP) takes a new approach to online educational programs. It doesn’t just provide knowledge: it builds concrete cyber-hygiene skills and practices.
In order to fight modern global cyberthreats, it’s not enough to just build a Security Operations Centre (SOC) in the conventional sense – you need a SOC that is equipped with the technologies, security intelligence and knowledge that empower it to adapt to ongoing challenges. How does Kaspersky power SOCs to fight complex and complicated threats?
SOC building is a complex, costly, and long-term project. It may fail due to various reasons, given the demand for it to be intelligence-driven and have the ability to provide round-the-clock monitoring and response.
Our approach is based on hands-on experience in SOC building and operating, commercial threat hunting, APT campaign investigations and analysing more than 380,000 new threats every day. For the SOC framework, we help organisations choose the right technologies that fit well with their business needs by understanding their processes, the nature of their business and the industry they operate in. We then move towards identifying the data most crucial for them and their customers, and ensure it is protected.
Our SOC consulting service includes the following stages:
- Data Collection and Review: At this stage, Kaspersky assesses the existing detection and response capabilities of the SOC team, collects data needed for the framework development, and reviews the existing documents related to security operations.
- Design: The Kaspersky team will develop a complete and consistent SOC framework tailored to the customer infrastructure, requirements and needs.
- Build: Kaspersky can also help organisations upgrade their existing SOC from traditional to next-gen or if the situation calls for it, build one from scratch to mitigate emerging threats.
- Implementation: The Kaspersky team in coordination with the SOC team will deploy and configure Kaspersky tools and solutions needed for SOC operation. Deployment and configuration of third-party solutions can be provided by partners or customers, if needed.
- Talent recruitment: It is very important that the SOC team has all necessary roles and the right skills, and follows well-defined processes and procedures. Kaspersky helps organisations by interviewing candidates applying for IT/security positions to fit the bill.
- Support: After the SOC starts its operation, the Kaspersky team will support its daily operation throughout the agreed time period. Kaspersky experts will support security operations in various ways, such as:
  - Using the Kaspersky Managed Detection and Response services for the most sophisticated tasks, such as incident response, digital forensics, malware analysis and security assessment
  - Consultation regarding previously designed SOC processes and procedures
  - Technical support for Kaspersky solutions
  - Red teaming exercises and maturity assessment for continuous SOC improvement
When I started my career in the IT industry more than 15 years ago, a SOC was a cybersecurity luxury and often only needed within governments. Fast forward to today, where SOCs are a main pillar of cybersecurity and play a vital role in keeping an organisation one step ahead of emerging threats.