Military and Strategic Journal
Issued by the Directorate of Morale Guidance at the General Command of the Armed Forces
United Arab Emirates
Founded in August 1971

2015-08-01

BATTLING CYBER ATTACKERS

Few issues are as pressing as cyber security. Cyber attackers continually show startlingly high levels of technical expertise with sophisticated planning and preparation. Guy Meguer, Head of the Cyber Security unit at Airbus Defence and Space in the Middle East, outlines how to meet the challenges head on.
 
 
By Sakha Pramod
 
Can you tell us about your expertise in taking on the cyber security challenges faced by today’s organisations?
Cyber threats are indeed evolving continuously, with attacks becoming more frequent, more sophisticated and having an increasingly disruptive impact on businesses. 
 
The aims of cyber attackers are manifold: sabotage, espionage and, last but not least, cyber criminality. All of these phenomena are on the rise, and this is particularly true of cyber attacks perpetrated for the purpose of espionage. The aim in this case is to inconspicuously infiltrate an organisation’s IT network in order to steal its most sensitive information such as strategy, commercial and financial data and patents.
 
Cyber attackers have progressively proven their high level of technical expertise with sophisticated planning and preparation. Faced with such a threat, our defences need to be significantly updated and upgraded on every level and continuously increased. 
 
Airbus Defence and Space has a comprehensive offering, covering professional IT security services, cyber defence solutions and trusted infrastructure products. 
 
Cyber security starts with defining governance, implementing standards, identifying vulnerabilities and protecting the assets crucial to business continuity. Our cyber experts have developed extensive expertise in information assurance (also called information security) and are able to provide services in all matters of security. 
 
Our CDOCs (Cyber Defence Operations Centres) ensure the implementation of the highest security levels for the government and private sectors, protecting and monitoring their critical networks and ensuring efficient incident response. This is combined with advanced forensic tools for identifying malware, containing its effect and recovering normal operations.
 
Last but not least, we have a range of high-grade cryptography products for military applications, allowing very secure data transmission up to Secret level.
 
Your Stormshield solution is one of the leading European brands for next-generation network, endpoint and information security products. Do you think it is suited to meeting the cyber security needs of the Gulf countries?
To secure infrastructure and make it ‘trusted’, our Stormshield product line comprises innovative all-in-one hardware and software appliances that effectively protect networks and servers. Attacks and weaknesses are no different in the Gulf countries to other parts of the world. The IT technologies are the same. Therefore, what we deliver in Europe is perfectly suited to protecting the networks in the Gulf region.
 
The targets may be different since this region is mainly known for its banking and energy sectors which are critical to the economy. But the methods are the same and the protection requirements identical.
 
In 2014, we launched a new generation of network protection solutions known as Stormshield Network Security. This new line of products complements the Stormshield Endpoint Security (workstation protection, even from unknown 0-day threats) and Stormshield Data Security (data protection) product ranges, thus providing end-to-end security to organisations targeted by cyber threats. 
 
Over recent years, attacks such as Stuxnet and Flame have raised global awareness of the vulnerability of critical national infrastructures to cyber attacks and notably Advanced Persistent Threats (APTs). Oil-rich GCC countries could be particularly vulnerable. How can they be protected?
Critical national infrastructures such as oil production plants and electricity/water distribution are increasingly targeted by advanced cyber attacks. Given the critical role of these infrastructures in the proper functioning of civil life, the impact and consequences of cyber attacks on them are tremendous and may lead to financial and strategic losses. More so than Stuxnet and Flame, Shamoon has shown just how disruptive these attacks can be.
 
Every day we learn about further attacks and further major compromises. APTs illustrate how porous and vulnerable our infrastructures are. The hallmark of these threats, which are more sophisticated than mere viruses, is a well-planned modus operandi: hackers investigate the background of a company, develop strategies for attacks and deploy their tools in accordance with a structured action plan. The attackers, organised into teams with well-defined roles, maintain their presence in infrastructures over longer periods of time in order to extract as much information as possible.

Without proper protection, these attacks are very often detected by chance and very late, once the damage has started to become evident.
 
As the Middle East region continues to develop and grow, the public and private organisations that are driving this growth will be subject to increased and more sophisticated threats. It is therefore vital to ensure that they are adequately protected against these threats.
 
Many people believe that if they are equipped with anti-virus, firewalls and intrusion protection, their systems are safe enough and they can sleep soundly! This is not the case any more. Appliances and firewalls are certainly needed as they detect and stop 80 per cent of the attacks. But the 20 per cent remaining are the most sophisticated and dangerous as they will pass across this first level of protection.
 
Comprehensive protection is a combination of different solutions dedicated to various parts and typical attacks:
• The first step should be to set up appliances around the perimeter in order to ensure protection
• In addition to anti-virus, servers and workstations must be protected by endpoint security and OS hardening
• Internet access must be controlled by a strict policy that defines authorised sites (white list/black list)
• Internet gateways should be monitored with deep packet inspection 
• A Security Operation Centre (SOC) will provide clear situational awareness, identifying the level of threats in real time and allowing operators to manage incident response in a timely and efficient way
• Critical organisations should be equipped with advanced forensic tools and cyber intelligence information to be proactively prepared for any unexpected situations.

Airbus Defence and Space has invested in developing solutions in all the above areas. But experience shows that the most vulnerable element is still the human resources. We believe that information security starts with clear governance and a security policy shared and practised across the entire organisation. 
 
Raising the awareness of the top management is another pre-requisite. This can be done via meetings with CEOs and board members to focus their attention on business continuity and the investments needed to prevent the risks. 
 
How can you make sure a system is malware-free and what do you do when an attack is detected and the level of protection is not enough, which is likely to be the case in many organisations?
Airbus Defence and Space recommends a seven-step approach to make sure attacks are contained effectively:
1: Prevention: Ensures that a security policy is in place and is well understood.
2: Periodic APT check (diagnosis): Ensures that no dormant malware is active in the IT system and networks. Experts analyse the behaviour of critical parts, supported by proven methodology and tools.
3: Initiation of forensics process if the network appears to be compromised: In-depth investigation allows the nature of the attack to be identified and the potential damage to be assessed.
4: Definition of all attack markers: Prepares for the ‘cleaning’ process.
5: Remediation: Suppresses all malware and attack signals detected. This phase must be prepared for efficiently and carried out as fast as possible to prevent the attackers from changing their behaviour.
6: Recovery: Following up with the client within the necessary timeframe to reinforce their defences and make sure the system has been appropriately cleaned.
7: Remote supervision: Provides dedicated monitoring to detect any further attempts by intruders.
 
Airbus presented the Keelback Net cyber sensor at the GISEC 2015 information security exhibition in Dubai. What is special about it?
We exhibited our new cyber sensor at GISEC 2015 and attracted a lot of interest. Our Keelback Net sensor continuously monitors traffic flows, thus enabling early detection and investigation of suspect behaviour within company networks, in particular ‘weak signals’, which are stealthy and therefore impossible to spot through classic detection means. One of the key advantages of Keelback Net is the combination of multiple analysis methods and capabilities in a single sensor. This innovative approach means that threats can be detected more rapidly and larger amounts of data processed.
 
When deployed in the customer’s network environment, Keelback Net constantly monitors data traffic, identifies and detects threats, analyses characteristic signs of stealthy malware and instantly raises an alarm if an attack is suspected. The alarm is immediately qualified by Airbus Defence and Space experts using a continually updated knowledge database. It is then handled in accordance with notification and response scenarios established in close cooperation with the customer.
 
How do you beat international competition and what are your USPs?
Within the Airbus Defence and Space division, our experts are our number one asset. Security is in our DNA. The teams are young and undergo continual training to ensure they stay at the top of their game. They also gain knowledge by working on everyday cases.

The experience of each person in the team is then shared with the others in order to stay abreast of the latest developments and trends in attacks. Airbus Defence and Space also invests in R&D in order to develop the next generation of security solutions, and also takes part in many European and international projects. 
 
What separates us from the rest is that we have developed our own comprehensive portfolio and also have a proven track record as system integrators. We can address the market needs from different angles: consultancy, managed services, vendors and large system integration (LSI).
 
 
 
 
