You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>The</strong> way of business solutions<br />
THE<br />
<strong>10</strong><br />
FASTEST GROWING<br />
SECURITY<br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Editor’s<br />
Perspectives<br />
Network <strong>Security</strong><br />
Threats & <strong>Solution</strong>s<br />
www.insights<strong>success</strong>.com<br />
November 2016<br />
Chalk Talk<br />
Traits to<br />
Possess the<br />
Best Enterprise<br />
<strong>Security</strong><br />
Features<br />
Why Protecting<br />
Your Business<br />
from Cyber<br />
Attacks is no<br />
Longer Optional?<br />
Jack Zahran<br />
President<br />
Pinkerton:<br />
Perfect Partner for Risk Management<br />
Since 1850<br />
Assured<br />
Motion For<br />
Any Vehicle<br />
David Bruemmer<br />
Technology and Network<br />
Convergence: Forging<br />
a Path to Smart Grid, Smart<br />
Cities and Internet of Things<br />
Jeff Carkhuff<br />
Business<br />
Applications<br />
for Virtual and<br />
Mixed Reality<br />
Adam Sheppard
Since 1984<br />
www.fossil.com
Editorial<br />
igitalization has become a new frontier of customer<br />
Dexperience for enterprises, and customer information/data is<br />
the most valuable asset of any company. <strong>The</strong>re has been a<br />
massive increase in the volume of data generated from both webs<br />
and corporate operational systems in every enterprise. Cloud<br />
Services are bringing new waves of productivity growth and<br />
consumer surplus but also creating challenges related to data<br />
security.<br />
Conventional <strong>Security</strong><br />
Measures no Longer<br />
Adequate in the<br />
Era of Cloud<br />
Usually, outsiders are restricted from getting access to Big Data<br />
environments by conventional security at the borders of a private<br />
network. But, with today’s advanced and sophisticated break-in<br />
strategies, perimeter security is no longer adequate. Malware like<br />
agent.btz and cryptolocker have proved the internet world that cyberattacks<br />
now no longer originate solely out of geeks’ dormitories and,<br />
as a result, organizations are now agreeing that defending their<br />
businesses requires them to extend beyond their virtual perimeters.<br />
However, with a motive to turn the tide, companies have started<br />
outsourcing IT security to dedicate managed security service vendors<br />
to help implement preventative measures. Utilizing tools and<br />
hardening firewalls would not suffice, but companies have to take<br />
steps beyond that.<br />
A comprehensive security risk analysis is essential to identify the<br />
risks to the network and apply an appropriate level of security<br />
according to the risk levels. Risk assessment allows companies to<br />
assess, deter<strong>min</strong>e and modify their overall security stance and to<br />
enable security, operations, organizational management to<br />
collaborate and view the entire organization from an attacker’s<br />
perspective. This helps to maintain a practicable equilibrium<br />
between security and required network access.<br />
<strong>Security</strong> experts also believe that well-established corporations need<br />
well-written security policies which assist in setting suitable<br />
prospects regarding the use and ad<strong>min</strong>istration of corporate IT<br />
assets, set of rules established for employees and ad<strong>min</strong>istrators and<br />
requirements installed for system and management which together<br />
ensures the security of an organization’s assets. After taking<br />
necessary measures, companies should attempt to discover loopholes<br />
in their network system and it's only possible with Network <strong>Security</strong><br />
Audits and Vulnerability assessments which can help keep<br />
compliance programs on track.<br />
Sugandha Sharma
<strong>Insights</strong> Success Media Tech LLC<br />
555 Metro Place North, Suite <strong>10</strong>0,<br />
Dublin, OH 43017, United States<br />
Phone - (614)-602-1754<br />
Email: info@insights<strong>success</strong>.com<br />
For Subscription: Visit www.insights<strong>success</strong>.com<br />
Editor-in-Chief Pooja M. Bansal<br />
Senior Editor<br />
Research Analyst Jennifer<br />
Circulation Manager Robert<br />
Database Management Steve<br />
Technology Consultant Vishal More<br />
sales@insights<strong>success</strong>.com<br />
November, 2016<br />
Corporate Ofces:<br />
Ariana Lawrence<br />
Managing Editor Sugandha Sharma<br />
Co-Editors<br />
David Smith<br />
Vikram Suryawanshi<br />
Stephanie Andrews<br />
Abhijeet Parade<br />
Suhel Mashayak<br />
Visualiser David King<br />
Art & Design Director Victoria<br />
Co-designer Alex Noel<br />
Picture Editor Amol Kamble<br />
Art Editor Mahesh Suryawanshi<br />
Business Development Manager Mike Thomas<br />
Nick Adams<br />
Marketing Manager Chris<br />
Business Development Executive<br />
David, Peter,<br />
John, Brian<br />
<strong>Insights</strong> Success Media and Technology Pvt. Ltd.<br />
Ofce No. 513, 5th Floor, Rainbow Plaza, Shivar Chowk,<br />
Pimple Saudagar, Pune, Maharashtra 41<strong>10</strong>17<br />
Phone - India: 020-694001<strong>10</strong>, 111, 112<br />
Email: meera@insights<strong>success</strong>.in<br />
For Subscription: Visit www.insights<strong>success</strong>.in<br />
6<br />
,
Pinkerton:<br />
Perfect Partner for Risk<br />
Management Since 1850<br />
Editor’s Perspectives<br />
8<br />
Network <strong>Security</strong><br />
Threats & <strong>Solution</strong>s<br />
24<br />
Chalk Talk<br />
Traits to Posses the<br />
Best Enterprise <strong>Security</strong><br />
Features<br />
Why Protecting Your<br />
14<br />
Business<br />
Applications for<br />
Virtual and<br />
Mixed Reality<br />
42<br />
CXO STANDPOINTS<br />
Assured Motion<br />
For Any Vehicle<br />
22<br />
Technology<br />
and Network<br />
Convergence:<br />
Forging a Path<br />
to Smart Grid,<br />
Smart Cities and<br />
Internet of Things<br />
34<br />
Business from Cyber Attacks<br />
is no Longer Optional?<br />
32
BAI <strong>Security</strong>:<br />
<strong>Security</strong> Expertise that<br />
exceeds Client’s<br />
Expectations<br />
18<br />
Code Dx:<br />
A Software<br />
Vulnerability<br />
Correlation and<br />
Management System<br />
20<br />
CodeSealer:<br />
Invisible end-to-end<br />
Web <strong>Security</strong><br />
28<br />
MegaPath:<br />
Single Source for<br />
Cloud Communications<br />
and Managed Networks<br />
30<br />
Nanotech <strong>Security</strong>:<br />
Leader<br />
in Anti-Counterfeiting<br />
with Advanced<br />
Authentication Products<br />
38<br />
Trianz:<br />
Execution Driven<br />
<strong>Security</strong> Firm<br />
40
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Matter of IT <strong>Security</strong><br />
<strong>The</strong> business IT panorama is increasingly getting disrupted due to the onslaught of Cloud, Data Science, AI, and IoT<br />
adoptions on both consumer and enterprise side. Hence, the talent community is keen on securing their career by<br />
moving to the Cloud and other latest techs to ensure their employability for a decade or even more. As more and more<br />
companies will embrace Cloud Technology, the number of connected IoT devices will multiply exponentially, and<br />
security issues will also be augmented. Hence, the security landscape is now changing because of the digital presence.<br />
Recent cyberattacks have demonstrated that more innovative hackers are adapting unique ways to evade security<br />
actions. Since invaders are rapidly improving their IT knowledge, organizations should focus on custom solutions and<br />
pre-emptive approaches that can protect their data and integrity.<br />
<strong>The</strong> importance and usefulness of the <strong>Security</strong> Industries have made us to shortlist “<strong>The</strong> <strong>10</strong> <strong>Fastest</strong> <strong>Growing</strong> <strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong> <strong>Companies</strong>.” Our cover story ‘Pinkerton’, is one of the excellent global leader in Risk and<br />
Management <strong>Solution</strong>, global provider of corporate risk management services including security consulting and<br />
investigations, executive protection, employment screening, and protective intelligence. Jack Zahran, President of<br />
Pinkerton, is the person behind the <strong>success</strong> of the company. He has extensive experience in enterprise risk<br />
management; global operations, sales and marketing; global and national business and client development; mergers and<br />
acquisitions; and global finance and contract management. Under his leadership, Pinkerton has emerged as a leader in<br />
this very domain, providing a unique scalable blend of strategic and tactical solutions.<br />
It is always interesting to know the story behind every company. <strong>Insights</strong> Success Magazine, after an in-depth research<br />
and studies, has shortlisted; BAI <strong>Security</strong>: <strong>Security</strong> expertise that exceeds client’s expectations, Code Dx, Inc.: A<br />
software vulnerability correlation and management system, CodeSealer: Invisible end-to-end web security, Control<br />
Risks: A global risk consultancy, INFOWATCH: Leader in intellectual data protection solutions, MegaPath: Single<br />
source for cloud communications and managed networks, Nanotech <strong>Security</strong>: Leader in anti-counterfeiting with<br />
advanced authentication products, Pinkerton: Perfect partner for risk management since 1850, Trianz: Execution<br />
driven security firm, Votiro, Inc.: An intelligence-gathering and security organization. <strong>The</strong>se are the companies that are<br />
on the forefront in recognizing their best security solutions with excellence while setting the industry standards.<br />
While flipping the pages of <strong>Insights</strong> Success Magazine, do not miss out ‘Traits to Possess the Best Enterprise<br />
<strong>Security</strong>, Why protecting Your Business from Cyber Attacks is no Longer Optional? and Network <strong>Security</strong><br />
Threats & <strong>Solution</strong>s?’ from the Editorial Desk. Technology and Network Convergence: Forging a Path to Smart<br />
Grid, Smart Cities and Internet of Things, by Jeff Carkhuff, Business Applications for Virtual and Mixed<br />
Reality, by Adam Sheppard, and Assured Motion For Any Vehicle, by David Bruemmer from the Thought<br />
Leaders.<br />
Hope You all are ready to start off!
G R I P That Truly Works.<br />
+91-11-23311112-7<br />
www.jktyre.com
Cover Story<br />
Jack Zahran<br />
President
Pinkerton:<br />
Perfect Partner<br />
for<br />
Risk Management<br />
Since 1850<br />
or corporate business leaders and decision makers, the terms risk management and strategy management could not be<br />
Fmore different—and understanding those differences and their impact on business continuity is imperative for<br />
organizational <strong>success</strong>.<br />
Threat x Probability x Business Impact = Risk<br />
Risk management involves focusing on identifying and preparing for potential threats and failures rather than opportunities<br />
and <strong>success</strong>es. Corporate risk takes into account threats facing an organization, which can range from natural disasters and<br />
health epidemics to cyber crime and economic uncertainty, and analyzes those threats in terms of their probability and overall<br />
business impact. Types of risk vary from business to business, but preparing a risk management plan involves a relatively<br />
conventional process: Threat x Probability x Business Impact = Risk. This equation can help an organization deter<strong>min</strong>e which<br />
risks exist that may impact business continuity and to what degree—and then create a plan to mitigate those risks moving<br />
forward so they have <strong>min</strong>imal impact on an organization’s ability to meet its objectives. By recognizing potential risks and<br />
creating strategies to <strong>min</strong>imize it, businesses are better prepared to prevent or overcome an incident should it occur.<br />
A risk management plan should detail the strategy for dealing with risks in business. It’s important to allocate some time,<br />
budget and resources for preparing a risk management plan and a business impact analysis. It will help meet legal<br />
responsibilities for providing a safe workplace and can reduce the likelihood of an incident negatively affecting the business.<br />
However, companies and firms often have a tendency to discount the future, and they’re hesitant to contribute time and<br />
capital now to avoid an unpredictable future problem that may or may not happen. Furthermore, mitigating risk typically<br />
entails dispersing resources and diversifying investments. For these reasons, most companies need a separate function or<br />
external help to handle corporate risk management strategy creation and execution, and, as the world’s leading provider of<br />
corporate risk management services, Pinkerton is just the agency to help organizations do just those.<br />
Pinkerton has more than 160 years of experience helping brands identify and manage risks that could potentially harm<br />
day-to-day operations. From investigative work to corporate risk consulting, Pinkerton prides itself on offering a wide variety
Cover Story<br />
Every company is<br />
different, and security needs<br />
are always changing. Pinkerton<br />
tailors and adjusts its<br />
service to t what’s<br />
best for you. Options range<br />
from temporary personnel<br />
”<br />
to full-time dedicated<br />
stafng<br />
of services necessary to keep client operations safe. <strong>The</strong><br />
company traces its roots to 1850 when Allan Pinkerton<br />
founded Pinkerton’s National Detective Agency.<br />
Throughout its rich history, Pinkerton created the<br />
forerunner to the U.S. Secret Service, hired America’s first<br />
woman detective, and has remained the industry leader in<br />
developing innovative security and risk management<br />
solutions for national and international corporations. With<br />
employees and offices around the world, the company has<br />
the resources to provide reliable and scalable protection for<br />
clients and their assets around the globe.<br />
<strong>The</strong> Leader Who is Steering a Clear Path to Success<br />
Jack Zahran, President of Pinkerton, has extensive<br />
experience in enterprise risk management; global<br />
operations, sales, and marketing; global and national<br />
business and client development; mergers and acquisitions;<br />
and global finance and contract management.<br />
Under his leadership, Pinkerton has emerged as a leader in<br />
”this very domain, providing a unique scalable blend of
strategic and tactical solutions. Jack says, “Every company<br />
is different, and security needs are always changing.<br />
Pinkerton tailors and adjusts its service to fit what’s best for<br />
you. Options range from temporary personnel to full-time<br />
dedicated staffing. Pinkerton’s dedicated professional<br />
solution embeds highly-experienced professionals in the<br />
client’s organization to deliver superior, reliable and timely<br />
risk mitigation.”<br />
Pinkerton offers national and global organizations a vast<br />
selection of reliable risk management services, including:<br />
Employment Screening: <strong>The</strong> company implements<br />
solutions that incorporate standardized best practices, which<br />
helps streamline workflow and maximize productivity<br />
throughout the entire employee lifecycle.<br />
<strong>Security</strong> Risk Management: Whether an organization<br />
functions in a single, multi-story environment or operates<br />
facilities in locations scattered around the world, Pinkerton<br />
can develop comprehensive safety and security plans filled<br />
with effective strategies and programs designed to protect<br />
every essential element of a business: employees,<br />
customers, supply chain, the physical environment and<br />
products.<br />
”<br />
We make it<br />
easier to anticipate<br />
and react to<br />
”<br />
events that occur<br />
nearly anywhere<br />
around the world
Cover Story<br />
intelligence so that clients can prepare for risks arising<br />
globally.<br />
Pinkerton Success Secret: Making Strategies to Serve<br />
Clients in the Best Way<br />
Pinkerton provides a uniquely holistic approach to risk<br />
management, where the firm designs and continually<br />
upgrades its services and solutions to protect all areas that<br />
pose a risk to a business and its operation, both inside and<br />
outside of the company. <strong>The</strong> company has expertise in<br />
virtually every facet of risk management. <strong>The</strong> firm utilizes a<br />
single point of contact model: just one call gives clients<br />
access to Pinkerton’s entire breadth of risk mitigation and<br />
risk management services. And, as client needs change, just<br />
one call is all a client needs to scale services—allowing<br />
Pinkerton to ensure it always delivers the most effective and<br />
efficient solution based on current or expected conditions.<br />
Investigations: Pinkerton provides in-depth investigation<br />
services that can help mitigate internal employee issues,<br />
external risks, and branding and intellectual property<br />
protection.<br />
Pinkerton’s proven 360-degree support model incorporates<br />
components essential to be <strong>success</strong>ful in today’s<br />
ever-changing risk landscape. It starts with attracting and<br />
retaining industry-leading risk mitigation specialists<br />
through extensive screening and training. It then integrates<br />
access to best practices; extensive resources; global<br />
connectivity; benchmarking; and much more. This<br />
performance cycle ensures Pinkerton always provides<br />
outstanding service and delivers outstanding value to<br />
clients. Pinkerton gives clients access to rich, timely and<br />
actionable intelligence: agents have access to vital<br />
information from their global network of resources via<br />
cutting-edge technology, including threat monitoring,<br />
real-time alerting and GPS tracking. <strong>The</strong> ability for<br />
Protective <strong>Security</strong>: Pinkerton’s highly skilled agents<br />
serve as trusted resources to protect high-visibility business<br />
executives and celebrities, including Fortune <strong>10</strong>0 CEOs and<br />
their workforces, famous entertainers, athletes,<br />
high-net-worth individuals, royal families and diplomats.<br />
<strong>The</strong> firm’s services range from providing one-time personal<br />
protection to developing long-term comprehensive<br />
personnel and asset protection programs.<br />
Response Services: No matter where in the world a<br />
company’s assets and people may be, Pinkerton can help<br />
maximize protection during any emergency situation.<br />
Pinkerton’s Response Services team can work with<br />
companies to prepare for – and respond to – any emergency<br />
situation.<br />
Intelligence Services: Pinkerton incorporates actionable<br />
intelligence into every aspect of their service offerings. As a<br />
result, the company delivers increased protection to clients’<br />
personnel, operations and assets. Pinkerton’s Global Risk<br />
Group compiles, analyzes and disse<strong>min</strong>ates critical, timely<br />
No matter where<br />
in the world a company’s<br />
assets and people may<br />
be, Pinkerton can<br />
”<br />
help maximize their<br />
protection during any<br />
emergency situation<br />
”
“Just one call gives clients access to Pinkerton’s<br />
entire breadth of risk mitigation and risk management<br />
services. And, as client needs change, just one call is<br />
all a client needs to scale services—allowing Pinkerton<br />
to ensure it always delivers the most effective and<br />
efcient solution based on current or expected<br />
conditions<br />
“<br />
Pinkerton agents to filter and respond to relevant information provides business leaders and decision-makers with an added<br />
level of Protective Intelligence that only Pinkerton can deliver. This actionable information allows them to make<br />
risk-mitigating decisions that are more timely and accurate.<br />
<strong>The</strong> company features an exclusive global resource network: dozens of offices and a myriad of partners around the world that<br />
can provide “boots on the ground” support nearly anywhere, anytime. Pinkerton agents understand the local laws, languages<br />
or customs of every country and region, enabling them to gather intelligence faster and deliver more effective solutions. By<br />
leveraging this global network of comprehensive knowledge and resources, Pinkerton can access vast amounts of detailed<br />
intelligence and provide clients more accurate and timely information and analysis.<br />
“We make it easier to anticipate and react to events that occur nearly anywhere around the world,” says<br />
Jack.
Chalk Talk<br />
Traits to Possess the<br />
Best Enterprise <strong>Security</strong><br />
he founders occasionally forget about<br />
Timplementing important fundamentals of security<br />
and start running after shining technology.<br />
<strong>The</strong> security budgets are limited, so they need to be sure<br />
about covering highest breach areas before moving onto<br />
other things.<br />
IBM reported that more than a billion personal data was<br />
stolen and leaked in 2014 alone, which made it the highest<br />
recorded number in the last 18 years. Cri<strong>min</strong>als are always<br />
a step ahead of the existing security systems. So companies<br />
should have best strategies and practices for enterprise<br />
security.<br />
So how do we ensure to have the best security systems?<br />
It all has to do with having a solid foundation, which starts<br />
with these basic practices.<br />
Strong Firewalls<br />
Firewalls are the first line of defense for any enterprise.<br />
It basically controls the flow of the data and decides the<br />
direction of flow of data. <strong>The</strong> firewall keeps harmful files<br />
from breaching the network and compromising the assets.<br />
<strong>The</strong> traditional process for implementing firewalls is at the<br />
external perimeter of the network, but to include internal<br />
firewalls is the popular strategy. This is one of the best<br />
practices of companies by making it the second line of<br />
defense to keep unwanted and suspicious traffic away.<br />
Securing Router<br />
Routers are mainly used to control the flow of the network<br />
traffic. But routers do have security features too. Modern<br />
routers are full of security features like IDS/IPS<br />
functionality, quality service and traffic management tools<br />
and strong VPN data encryption features. But very few<br />
people use IPS features and firewall functions in their<br />
routers. To have improved security posture companies need<br />
to use all the security features of routers.<br />
Secured Email<br />
It is highly common to receive emails from the suspicious<br />
sources. <strong>The</strong> email is the main target for the cri<strong>min</strong>als. An<br />
14<br />
November 2016
Chalk Talk<br />
86 percent of the emails in the world<br />
are spam. Even if the latest filters are<br />
able to remove most of the spam<br />
emails, companies should keep<br />
updating the current protocols. If the<br />
no, of spam emails are large, then it<br />
only means the company is at greater<br />
risk of getting malware.<br />
Updating Programs<br />
To make sure your computer patched<br />
and updated is a necessary step if you<br />
are going towards fully protected<br />
enterprise. If you can’t maintain it<br />
right, then updating already installed<br />
applications is an important step in<br />
enterprise security. No one can create<br />
<strong>10</strong>0 percent perfect applications, but<br />
one can make changes accordingly<br />
trying to keep it with the pace. Thus,<br />
making sure your application is update<br />
will let you know the holes<br />
programmer has fixed.<br />
Securing Laptops and Mobiles<br />
You may wonder that why securing<br />
laptops and mobiles is in the list. But it<br />
is true that securing laptops and mobile<br />
phones that contain sensitive data of<br />
enterprises. Unlike desktop computers<br />
that are fixed, laptops and mobiles are<br />
portable and thus are at higher risk of<br />
being stolen. Making sure you have<br />
taken some extra steps to secure<br />
laptops and mobiles is as important as<br />
implementing strong firewalls.<br />
Encrypting laptops and mobiles with<br />
the help of softwares is a great tactic to<br />
be followed for secured enterprises.<br />
Wireless WPA2<br />
This is the most obvious feature of all.<br />
If companies aren’t using WPA2<br />
wireless security, then they need to<br />
start using it. Many methods of<br />
wireless security are insecure and can<br />
be compromised in <strong>min</strong>utes. If<br />
companies have wireless WPA2<br />
installed, then it will be difficult to<br />
breach for cri<strong>min</strong>als.<br />
Web <strong>Security</strong><br />
Verizon Data Breach Investigations<br />
Report stated that the attacks against<br />
web applications in the recent years<br />
have increased at an alar<strong>min</strong>g rate,<br />
with over 51 percent of the victims.<br />
Simple URL filtering is no longer<br />
sufficient, as attacks are beco<strong>min</strong>g<br />
more frequent and complex. <strong>The</strong><br />
features that need to be considered for<br />
web security systems are AV Scanning,<br />
IP reputation, Malware Scanning, and<br />
data leakage prevention function. A<br />
web security should have the ability to<br />
correctly scan the web traffic.<br />
Educating Employees<br />
Making sure that employees are<br />
educated about safe and online habits<br />
is as crucial as securing enterprise with<br />
top class anti virus and firewalls.<br />
Educating employees about what they<br />
are doing and how to be pre-defensive<br />
is more effective than expecting IT<br />
security staff to take steps later.<br />
Because protecting end users against<br />
themselves is the most difficult thing to<br />
do. So, employees must understand<br />
how important it is to keep company’s<br />
data safe and the measures they can<br />
take to protect it.<br />
While the world is approaching with<br />
more and more cyber theft and crimes,<br />
these simple and standard tools based<br />
foundation of enterprise security can<br />
protect the companies from such<br />
attacks.<br />
November 2016 15
MAGAZINE SUBSCRIPTION FORM<br />
Global Subscription<br />
1 Year (12 Issues) $250.00<br />
6 Months (06 Issues) $130.00<br />
3 Months (03 Issues) $70.00 1 Month (01 Issue) $25.00<br />
Name :<br />
Date :<br />
Address :<br />
City : State : Zip :<br />
Country :<br />
Check should be drawn in favour of : INSIGHTS SUCCESS MEDIA TECH LLC<br />
Corporate Office<br />
<strong>Insights</strong> Success Media Tech LLC<br />
555 Metro Place North, Suite <strong>10</strong>0,<br />
Dublin, OH 43017, United States<br />
Phone - (614)-602-1754, (302)-319-9947<br />
Email: info@insights<strong>success</strong>.com<br />
For Subscription: Visit www.insights<strong>success</strong>.com
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Company Name<br />
Management<br />
Brief<br />
BAI <strong>Security</strong><br />
baisecurity.net<br />
Michael Bruck<br />
President & CTO<br />
BAI <strong>Security</strong> is a pure-play security auditing and compliance<br />
firm and is a trusted resource in the finance, insurance,<br />
healthcare, utility, and other key industries.<br />
Code Dx, Inc.<br />
codedx.com<br />
Anita D’Amico<br />
CEO<br />
Code Dx, Inc. is making software more secure by helping<br />
software developers, testers and security analysts find<br />
vulnerabilities before the attackers can exploit them.<br />
CodeSealer A/S<br />
codesealer.com<br />
Tonny Rabjerg<br />
CEO<br />
CodeSealer provides protection against Man-in-the-Middle and<br />
Man-in-the-Browser, with its unique product WSF.<br />
Control Risks<br />
controlrisks.com<br />
JIM BROOKS<br />
CEO<br />
Control Risks is an independent, global risk consultancy<br />
specialising in helping organisations manage political, integrity<br />
and security risks in complex and hostile environments.<br />
INFOWATCH<br />
infowatch.com<br />
Natalya Kaspersky<br />
President<br />
& Co-founder<br />
InfoWatch is a European Software Company, leader In<br />
Intellectual Data Protection <strong>Solution</strong>s, have experience in<br />
implementing extremely complex solutions at the largest<br />
companies and in government agencies.<br />
MegaPath<br />
megapath.com<br />
D. Craig Young<br />
Chairman & CEO<br />
MegaPath is a leading cloud communications and connectivity company<br />
offering a comprehensive portfolio of Voice, Unified Communications,<br />
Hosted IT, and secure data networking services that increase<br />
productivity and customer satisfaction, while lowering costs.<br />
Nanotech <strong>Security</strong> Corp.<br />
nanosecurity.ca<br />
Pinkerton<br />
pinkerton.com<br />
Doug Blakeway<br />
CEO<br />
Jack Zahran<br />
President<br />
Nanotech is a leading innovator in the design and commercialization of<br />
advanced security products and devices, specialized in nano-optics<br />
using proprietary micro and nanostructures, along with best-in-class<br />
thin-film, to achieve the best and most beautiful authentication<br />
technologies in the world.<br />
Pinkerton offers organizations a range of corporate risk<br />
management services from security consulting and investigations<br />
to executive protection, employment screening and protective<br />
intelligence.<br />
Trianz<br />
trianz.com<br />
Chris Mullaney<br />
Practice Head<br />
Information <strong>Security</strong><br />
Trianz is a global professional services firm specializing in full<br />
life cycle execution leveraging Cloud, Analytics, Digitization &<br />
<strong>Security</strong>.<br />
Votiro, Inc.<br />
votiro.com<br />
Itay Glick<br />
CEO<br />
Established in 20<strong>10</strong> in Israel, Votiro was founded by a team of<br />
senior security experts with extensive experience in the public<br />
and private sectors of intelligence-gathering and security<br />
organizations.
BAI <strong>Security</strong>:<br />
<strong>Security</strong> Expertise that<br />
exceeds Client’s Expectations<br />
Cyber security threats are increasingly putting<br />
sensitive data at risk for businesses both small and<br />
large and every business expert is aware of it. <strong>The</strong><br />
need for effective security solution providers has been on<br />
the rise in recent years. While the security of data assets are<br />
at risk, the scope for security providers is increasing every<br />
day.<br />
BAI <strong>Security</strong> is one such security solution provider<br />
delivering assurance and confidence to clients that their data<br />
is protected by an in-house team of nationally recognized<br />
security and compliance experts.<br />
BAI <strong>Security</strong> is armed with innovative auditing and<br />
assessment tools that lead the industry. <strong>The</strong> company is<br />
consistently delivering flexible, consultative service,<br />
user-friendly reports and helpful communication that goes<br />
well beyond the audit.<br />
BAI <strong>Security</strong>: Providing Pure-Play <strong>Security</strong> Services<br />
BAI <strong>Security</strong> is a pure-play security auditing and<br />
compliance firm continuously focused on being the best,<br />
most innovative, cost-effective solution in the industry. It’s<br />
this focus combined with dedication to exceeding their<br />
client’s expectations that propels BAI <strong>Security</strong> as a leader<br />
in the field. Specializing in IT security and compliance,<br />
governance, risk, and auditing services BAI <strong>Security</strong> has<br />
developed a solid reputation for cost-effective,<br />
market-leading services for the banking & finance sector, as<br />
well as many other regulated industries.<br />
BAI <strong>Security</strong> offers a surfeit of services and they are as<br />
follows:<br />
Breach Risk Assessment<br />
<strong>The</strong> Breach Risk Assessment identifies potential<br />
weaknesses of the technology, policies/procedures, and/or<br />
personnel that could lead to system compromise, and<br />
ultimately the data breach. <strong>The</strong> process to deter<strong>min</strong>e these<br />
weaknesses, often referred to as a “Red Team” approach, is<br />
an extension of core audit components, such as external<br />
penetration testing, email and phone-based social<br />
engineering, as well as in-person social engineering and<br />
physical access. However, the goal of the Breach Risk<br />
Assessment is to combine these threat vectors to penetrate<br />
the environment, compromise front-line systems, and use<br />
those systems as pivot points to compromise other, more<br />
sensitive, systems and their data. This provides the<br />
organization with a better understanding of their true<br />
security posture and their potential exposure to a targeted<br />
attack.<br />
IT <strong>Security</strong> Assessment<br />
<strong>The</strong> security posture of a company has never been static<br />
because new threats are discovered throughout existing<br />
systems daily. Whether bringing on a newly acquired<br />
organization, implementing a new application platform,<br />
launching a new virtual environment, adding computers to<br />
the network or even leaving systems “as is”, new<br />
vulnerabilities constantly present themselves.<br />
BAI <strong>Security</strong>’s IT <strong>Security</strong> Assessment options include<br />
Vulnerability Scanning & Penetration Testing, Social<br />
Engineering, Firewall, Wireless Network and Antivirus<br />
Protection Evaluations, Network Ad<strong>min</strong>istrative and<br />
Facility <strong>Security</strong> Best Practice Evaluations, Endpoint<br />
Compromise and Rogue Device Detection Exercises, as<br />
well as other enhancement options.<br />
Controls Audit<br />
BAI <strong>Security</strong>’s Controls Audit verifies an organization’s<br />
existing controls against specific compliance standards. It<br />
has developed multiple controls testing methodologies<br />
based on industry standards, current and upco<strong>min</strong>g<br />
18<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Michael Bruck<br />
President & CTO<br />
regulations, as well as industry bestpractices.<br />
Compromise Assessment<br />
<strong>The</strong> company’s Compromise<br />
Assessment helps clients to deter<strong>min</strong>e<br />
what malicious code exists within the<br />
enterprise through a short-term<br />
deployment of highly-specialized,<br />
nonintrusive forensic software on all<br />
endpoints.<br />
Threat Radar<br />
Threat Radar is a 24/7 managed service<br />
that can find malware in real-time;<br />
even malware that is undetectable by<br />
traditional antivirus systems. It’s based<br />
on a new behavioral approach and can<br />
dramatically reduce the detection time<br />
of malware, so a breach does not have<br />
time to occur.<br />
Social Engineering<br />
As a nationally-recognized audit firm,<br />
BAI provides one of the most robust<br />
offerings in the industry. <strong>The</strong> company<br />
has dozens of real-world scenarios<br />
used in actual breach activity or<br />
custom scenarios can be created to<br />
“<br />
Our mission<br />
and goals<br />
revolve around<br />
the customer<br />
experience<br />
collect all types of<br />
sensitive data.<br />
Whether you need a<br />
single engagement or an annual plan<br />
with frequent testing and multiple<br />
social engineering scenarios, they can<br />
help you build a security conscious<br />
culture.<br />
Marvelous Behind the Success<br />
Michael Bruck, President and CTO<br />
of BAI <strong>Security</strong>, since for<strong>min</strong>g the<br />
company in 2007, Michael has led BAI<br />
<strong>Security</strong> as a trusted partner to more<br />
than a thousand organizations in highly<br />
regulated industries within the US<br />
alone. A fledgling IT services firm<br />
became Cybersecurity <strong>Solution</strong>s<br />
innovator with more than 20 years of<br />
IT, business development, and<br />
customer relationship expertise.<br />
Listening to the specific needs of<br />
clients and combining that with<br />
expertise in modern-day threats to<br />
develop industry-leading services<br />
exceeding those available in the<br />
marketplace today, has been the<br />
passion Michael has always followed.<br />
Michael works directly with BAI’s<br />
client base and continues to look for<br />
new ways for the firm to help<br />
“<br />
organizations protect themselves from<br />
Cyber security threats while exceeding<br />
customers’ expectations.<br />
Standing Apart From the Crowd<br />
with Unique Services<br />
<strong>The</strong> company stands apart from its<br />
competitors due to factors including<br />
Thorough audits, leading edge security<br />
capabilities, quality executive summary<br />
and technical reports, thorough and<br />
easy to understand, competitively<br />
priced, in-house audit team of IT<br />
security experts rather than<br />
outsourcing work, strong<br />
communication with clients, flexible<br />
service and helpful communication<br />
beyond the audit.<br />
BAI <strong>Security</strong> has been a trusted<br />
resource in finance, healthcare,<br />
insurance, utility, and other key<br />
industries, with over a thousand<br />
customers in highly regulated<br />
industries. <strong>The</strong>y want to ensure that<br />
organizations of all sizes, that are<br />
keenly serious about their security<br />
posture, have access to truly top-shelf<br />
audit and compliance services in the<br />
most cost-effective manner possible.<br />
November 2016 19
Code Dx:<br />
A Software Vulnerability<br />
Correlation and Management System<br />
Most computer security incidents can be traced<br />
back to weaknesses in software that were<br />
inadvertently put there when the code was<br />
developed. Attackers can–and very often do–find and<br />
exploit such weaknesses as a means to attack organizations’<br />
applications. Information security has focused primarily on<br />
network security and less on securing the software that<br />
resides on networks and poses risks. Numerous Application<br />
<strong>Security</strong> Testing (AST) tools help software developers and<br />
security analysts find vulnerabilities during all stages of the<br />
software development lifecycle, but many don’t use these<br />
tools until it’s too late.<br />
Code Dx Enterprise is a software vulnerability correlation<br />
and management system that consolidates and normalizes<br />
software vulnerabilities detected by multiple static<br />
application security testing (SAST) and dynamic<br />
application security testing (DAST) tools, as well as the<br />
results of manual code reviews. Code Dx addresses several<br />
obstacles to deploying secure software: the high cost of<br />
using multiple AST tools; combining and correlating the<br />
results of multiple tools into one format; and prioritizing<br />
vulnerabilities for easy remediation and reporting.<br />
Code Dx overcomes these obstacles by first providing an<br />
easy-to-use and affordable tool that automatically selects,<br />
configures and runs open-source software tools for the<br />
user’s specific code base. It also correlates and<br />
de-duplicates the results of multiple commercial and<br />
open-source static source code and DAST tools. Finally, it<br />
provides a vulnerability management solution that helps<br />
prioritize vulnerabilities, assign them to developers for<br />
remediation and track the remediation process.<br />
Uniqueness of Code Dx<br />
Code Dx differentiates itself from its competitors on ease of<br />
use, lower cost, the number and types of static and dynamic<br />
testing tools supported, and seamless integration into<br />
software development environments. In the business of<br />
making software more secure, Code DX helps software<br />
developers, testers and security analysts find vulnerabilities<br />
before the attackers can exploit them. It provides easy and<br />
affordable application vulnerability correlation and<br />
management systems that enable users to search for and<br />
manage vulnerabilities in software.<br />
<strong>The</strong> award-winning Code Dx solution integrates the results<br />
of multiple static and DAST tools and manual reviews into<br />
a consolidated set of results for quick and easy triage,<br />
prioritization and remediation. By offering the hybrid<br />
combination of findings from static and dynamic<br />
application security testing, Code Dx provides users with<br />
broader vulnerability testing coverage to better identify<br />
those vulnerabilities which are easily accessible to an<br />
external attacker.<br />
Service with Satisfaction<br />
Code Dx addresses a number of issues across its diverse<br />
clientele. For those who are relatively new to application<br />
security, Code Dx offers support for understanding the<br />
output of the testing tools embedded within Code Dx. In<br />
fact, the company has been lauded by several customers for<br />
20<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
“Find, prioritize, and<br />
manage software<br />
vulnerabilities – fast<br />
“<br />
and affordably<br />
Anita D’Amico<br />
CEO<br />
its excellent support. For the veterans<br />
of application security, it addresses<br />
their need for customization. For<br />
example, Code Dx can be used to<br />
prioritize vulnerabilities based on an<br />
organization’s unique perception of<br />
threats to their applications,<br />
incorporate the results of manual code<br />
reviews, and produce reports<br />
customized to each organization’s<br />
needs.<br />
Prime Mover of Code Dx<br />
Anita D’Amico, CEO of Code Dx, is<br />
a Ph.D. in psychology and a thought<br />
leader in the cyber security industry.<br />
Information <strong>Security</strong> Buzz credited her<br />
with being responsible for one of the<br />
top five product names in cyber<br />
security; she ‘ingeniously thought of a<br />
simple name for a complex topic –<br />
software vulnerability management.’<br />
Anita has been in the cyber security<br />
industry for more than 20 years –<br />
starting as the head of Northrop<br />
Grumman’s first Information Warfare<br />
team. She is a human factors<br />
psychologist, a specialist in cyber<br />
security situational awareness and a<br />
security researcher. She is also a selfproclaimed<br />
‘starter-upper.’ She<br />
develops a vision and fuels it with the<br />
energy, communication and leadership<br />
that is needed to make that vision a<br />
reality. Anita has done this repeatedly<br />
throughout her 35+ years in advanced<br />
technology and is currently doing it as<br />
CEO of Code Dx.<br />
In just under two years, Anita has taken<br />
Code Dx from a product idea to a<br />
<strong>success</strong>ful company offering multiple<br />
solutions being used by organizations<br />
of all shapes and sizes to protect<br />
software from malicious attacks. Under<br />
her leadership, Code Dx has won<br />
multiple awards for its innovation.<br />
Valuable for Customer<br />
Top Code Dx customers include large<br />
financial institutions, health care<br />
systems, defense contractors, and state<br />
and federal government agencies. <strong>The</strong>y<br />
see Code Dx as a valuable addition to<br />
their existing investments in AST.<br />
Code Dx increases the value of its<br />
commercial tool chest with the<br />
addition of results from open-source<br />
tools. It also enables enterprises to<br />
augment their application security<br />
testing program by economically<br />
distributing AST tools to a broader<br />
audience of developers in their<br />
organization while maintaining<br />
commercial AST tools within their<br />
quality assurance and security analysis<br />
functions. With this seamless<br />
integration and use of open-source and<br />
commercial AST tools through Code<br />
Dx, security reviews are performed<br />
earlier and more frequently in the<br />
software development lifecycle,<br />
reducing the time to develop and<br />
secure production-ready software, and<br />
decreasing organizational application<br />
security risk. Finally, Code Dx’s ability<br />
to automatically correlate, consolidate<br />
and de-duplicate results from multiple<br />
AST tools saves weeks of time.<br />
November 2016 21
CXO Standpaoint<br />
Assured<br />
Motion For<br />
Any Vehicle<br />
PS has been a boon for the world of transportation<br />
Gin general and for the robotics industry in<br />
particular. Despite this, robots have failed to<br />
permeate our world. <strong>The</strong>y still lose track of where they are<br />
and as we see in the news both military and commercial<br />
drones fall out of the sky. After years of using robots to<br />
solve difficult, real world problems such as land<strong>min</strong>e<br />
detection, mapping out the hazardous chemicals and<br />
detecting radiation, 5D came to realize that reliable, useful<br />
behavior is dependent on accurate positioning. GPS lacks<br />
accuracy and doesn’t work indoors. For instance, GPS<br />
systems often still think you are on the highway, even after<br />
you take an exit. Vision and laser systems can be used to aid<br />
in localization and 5D has incorporated a great deal of those<br />
technologies to aid in navigation. Unfortunately, neither<br />
lasers nor cameras can see around corners and are easily<br />
disrupted by dust, rain, snow, and dynamic environments.<br />
This lack of reliability reduces value of mobile robots<br />
across the board and impacts hopes of more efficient,<br />
autonomous driving.<br />
To address this problem, 5D created and patented a<br />
technology that provides reliable, centimeter level accuracy<br />
and reliable behavior in any environment. <strong>The</strong> 5D module<br />
embodies this technology, including an innovative<br />
Ultra-Wideband necessary to provide accurate position,<br />
orientation and behavior software for safety and<br />
autonomous navigation. <strong>The</strong> reliability and accuracy have<br />
been proven for land<strong>min</strong>e detection, squad support missions<br />
and hazmat environments for both ground vehicles and<br />
drones in the military. Now we are bringing the technology<br />
into a variety of commercial environments starting with<br />
heavy equipment and moving towards intelligent<br />
transportation. <strong>The</strong> technology can go onto people, robots,<br />
drones, automotive systems and anything else you might<br />
want to track.<br />
<strong>The</strong>re are two complementary ways to use the 5D module.<br />
<strong>The</strong> first uses relative positioning to allow safe motion,<br />
obstacle avoidance, follow, wagon training and a host of<br />
vehicle to vehicle applications. In this relative frame of<br />
reference the modules link to each other without any<br />
dependence on GPS or a global reference frame and no<br />
modules are necessary in the infrastructure. Like neuronsin<br />
the brain, modules that support a particular function work<br />
together and specific clusters of modules can dedicate<br />
themselves to a particular function while still maintaining<br />
recursive awareness to a larger ecosystem.<br />
<strong>The</strong> second way to use the technology is as an absolute<br />
position reference where modules in the environment can<br />
be a GPS enhancement. In this model, applications<br />
designed around GPS can work as intended, but with much<br />
higher reliability and accuracy. With the 5D module it is<br />
possible to accurately judge follow distance and perform<br />
predictive braking. Within <strong>min</strong>utes, it is possible to add the<br />
22<br />
November 2016
CXO Standpaoint<br />
CXO Standpaoint<br />
modules to just about any<br />
environment. We anticipate<br />
building modules into light<br />
fixtures, traffic lights and<br />
roadside equipment. We are<br />
already contracted to move the<br />
technology into a variety of<br />
heavy equipment applications<br />
for forklifts, scissor lifts and<br />
other equipment. <strong>The</strong><br />
technology has the ability to<br />
impact construction, <strong>min</strong>ing,<br />
logistics and energy sectors. In<br />
the burgeoning drone world,<br />
5D has shown that we can<br />
replace or enhance existing<br />
GPS dependency, allowing<br />
drones to provide more<br />
accurate surveying, mapping<br />
and data collection for<br />
surveillance, security and<br />
inspection.<br />
One of the most exciting future<br />
opportunities is smart mobility<br />
applications. Beginning in<br />
closed environments like<br />
campuses and resorts,<br />
off-highway personal mobility<br />
systems can meet you<br />
wherever you need a lift and<br />
drive you on dedicated routes<br />
to your destination using<br />
existing paths. You never have<br />
to go somewhere to pick it up<br />
or drop it off. It just goes on to<br />
the next closest person who<br />
needs a lift. Across all these<br />
applications, the 5D modules<br />
provide a crosscutting, interoperable<br />
solution and help us create intelligent<br />
ecosystems where everything is safer and<br />
more efficient. <strong>The</strong> benefits extend not only to robotics, but<br />
also include big data analytics where the 5D modules<br />
provide the ability to collect and accurately position a<br />
variety of data. <strong>The</strong> precision of this data allows for both<br />
analysis and prediction at a level never before possible,<br />
allowing increased efficiency and awareness across<br />
countless applications.<br />
David Bruemmer<br />
CEO & Co-founder<br />
5 D Robotics<br />
November 2016 23
Editor’s Perspectives<br />
Network <strong>Security</strong><br />
Threats & <strong>Solution</strong>s<br />
November 3, 1988, is considered as a turning point<br />
in the world of Internet. 25 Years ago a Cornell<br />
University graduate student created first computer<br />
worm on the Internet, “Morris Worm.” <strong>The</strong> Morris worm<br />
was not a destructive worm, but it permanently changed the<br />
culture of the Internet. Before Morris unleashed his worm,<br />
the Internet was like a small town where people thought<br />
little of leaving their doors unlocked. Internet security was<br />
seen as a mostly theoretical problem, and software vendors<br />
treated security flaws as a low priority.<br />
Today, there is a paradigm shift, Morris worm was<br />
motivated more by intellectual curiosity than malice, but it<br />
is not the case today. According to a 2015 Report, 71% of<br />
represented organizations experienced, at least, one<br />
<strong>success</strong>ful cyber attack in the preceding 12 months (up<br />
from 62% the year prior).<br />
According to survey report, discloses that, among 5500<br />
companies in 26 countries around the world, 90% of<br />
businesses admitted a security incident. Additionally, 46%<br />
of the firms lost sensitive data due to an internal or external<br />
security threat. On average enterprises pay US$551,000 to<br />
recover from a security breach. Small and Medium business<br />
spend 38K.<br />
Incidents involving the security failure of a third-party<br />
contractor, fraud by employees, cyber espionage, and<br />
network intrusion appear to be the most damaging for large<br />
enterprises, with average total losses significantly above<br />
other types of the security incident.<br />
Let’s Take a Look at Recurrent <strong>Security</strong> Threats Types-<br />
Denial of Service Attacks<br />
A denial of service (DoS) attack is an incident in which a<br />
user or organization is deprived of the services of a resource<br />
24<br />
they would normally expect to have. <strong>The</strong>se attacks are very<br />
common, accounting for more than one-third of all network<br />
attacks reviewed in the report. A standard approach is to<br />
overload the resource with illegitimate requests for service.<br />
Brute Force Attacks<br />
Brute force attack tries to kick down the front door. It’s a<br />
trial-and-error attempt to guess a system’s password. <strong>The</strong><br />
Brute Force Attack password cracker software simply uses<br />
all possible combinations to figure out passwords for a<br />
computer or a network server. It is simple and does not<br />
employ any inventive techniques.<br />
Identity Spoofing<br />
IP spoofing, also known as IP address forgery. <strong>The</strong> hijacker<br />
obtains the IP address of a legitimate host and alters packet<br />
headers so that the regular host appears to be the source. An<br />
attacker might also use special programs to construct IP<br />
packets that seem to originate from valid addresses inside<br />
the corporate intranet.<br />
Browser Attacks<br />
Browser-based attacks target end users who are browsing<br />
the internet which in turn can spread in the whole enterprise<br />
network. <strong>The</strong> attacks may encourage them to unwittingly<br />
download malware disguised as a fake software update or<br />
application. Malicious and compromised websites can also<br />
force malware onto visitors’ systems.<br />
SSL/TLS Attacks<br />
Transport layer security (TLS) ensures the integrity of data<br />
transmitted between two parties (server and client) and also<br />
provides strong authentication for both sides. SSL/TLS<br />
attacks aim to intercept data that is sent over an encrypted<br />
connection. A <strong>success</strong>ful attack enables access to the<br />
unencrypted information. Secure Sockets Layer (SSL)<br />
attacks were more widespread in late 2014, but they remain<br />
November 2016
Editor’s Perspectives<br />
pro<strong>min</strong>ent today, accounting for 6% of<br />
all network attacks analyzed.<br />
Network <strong>Security</strong> is an essential<br />
element in any organization’s network<br />
infrastructure. <strong>Companies</strong> are boosting<br />
their investments in proactive control<br />
and threat intelligence services, along<br />
with better wireless security, nextgeneration<br />
firewalls and increasingly<br />
advanced malware detection. <strong>The</strong> U.S.<br />
Federal Government has spent $<strong>10</strong>0<br />
billion on cyber security over the past<br />
decade, $14 billion budgeted for 2016.<br />
Increased use of technology helps<br />
enterprises to maintain the competitive<br />
edge, most businesses are required to<br />
employ IT security personnel full-time<br />
to ensure networks are shielded from<br />
the rapidly growing industry of cyber<br />
crime. Following are the methods used<br />
by security specialists to full proof<br />
enterprise network systems-<br />
Penetration Testing<br />
Penetration testing is a form of hacking<br />
which network security professionals<br />
use as a tool to test a network for any<br />
25<br />
vulnerabilities. During penetration<br />
testing IT professionals use the same<br />
methods that hackers use to exploit a<br />
network to identify network security<br />
breaches.<br />
Intrusion Detection<br />
Intrusion detection systems are capable<br />
of identifying suspicious activities or<br />
acts of unauthorized access over an<br />
enterprise network. <strong>The</strong> exa<strong>min</strong>ation<br />
includes a malware scan, review of<br />
general network activity, system<br />
vulnerability check, illegal program<br />
check, file settings monitoring, and any<br />
other activities that are out of the<br />
ordinary.<br />
Network Access Control<br />
Network Access Controls are delivered<br />
using different methods to control<br />
network access by the end user. NACs<br />
offer a defined security policy which is<br />
supported by a network access server<br />
that provides the necessary access<br />
authentication and authorization.<br />
Network <strong>Security</strong> is a race against<br />
threats, and many organizations are a<br />
part of this race to help enterprises to<br />
secure their network systems.<br />
Organizations like IBM, Symantec,<br />
Microsoft have created solutions to<br />
counter the global problem of network<br />
security threat. <strong>The</strong>se cutting-edge<br />
products show genuine promise and<br />
are already being used by enlightened<br />
companies.<br />
Good Network <strong>Security</strong> <strong>Solution</strong>s<br />
Traits<br />
A real security solution should have<br />
four major characteristics;<br />
Detect Threats<br />
Targeted attacks are multi-faceted and<br />
specially designed to evade many point<br />
technologies attempting to identify and<br />
block them. Once they are inside, the<br />
only way to find these cyber threats is<br />
to understand the behavior of the<br />
individual attack components and use<br />
analytics to understand their<br />
relationships.<br />
Respond Continuously<br />
Today it is not important that an<br />
organization will be attacked, but<br />
November 2016
Chalk Talk<br />
Editor’s Perspectives<br />
important and more crucial is to<br />
identify when and how much they can<br />
limit the impact and contain their<br />
exposure. This means having the<br />
capability to respond quickly once the<br />
initial incident has been discovered.<br />
Prevent Attacks<br />
Malware is gettings quick-witted day<br />
by day. <strong>The</strong>y utilize heuristics to<br />
change their code dynamically. A<br />
capable solution should have an<br />
adaptive architecture that evolves with<br />
the changing environment, and threats<br />
today's business faces.<br />
Integration<br />
Today’s threats have multiple facets,<br />
and a single software or solution is not<br />
sufficient. Protection system should<br />
have the capability to integrate with<br />
other security tools from different<br />
vendors to work together as a single<br />
protection system, acting as connective<br />
tissue for today’s disjointed cyber<br />
security infrastructure.<br />
<strong>Solution</strong>s In Market<br />
Like infectious diseases, cyber threats<br />
will never be eradicated entirely, but<br />
they can be better contained and<br />
understood, and their effects<br />
<strong>min</strong>imized. How can this be achieved?<br />
IBM has built an enterprise-level<br />
“immune system,” an adaptive security<br />
architecture to battle today’s cyber<br />
pathogens. IBM has developed a vast<br />
fleet of products, QRadar, X-Force<br />
Threat Intelligence, Trusteer Pinpoint<br />
Malware Detection, IBM Threat<br />
Protection System a dynamic,<br />
integrated system to meddle the<br />
lifecycle of advanced attacks and<br />
prevent loss.<br />
<strong>The</strong> IBM Threat Protection System<br />
integrates with 450 security tools from<br />
over <strong>10</strong>0 vendors acting as connective<br />
tissue for today’s disjointed cyber<br />
security infrastructure.<br />
Symantec is another major player in<br />
catering enterprise network security<br />
systems with Symantec Advanced<br />
Threat Protection. Symantec ATP<br />
operates via a single console and works<br />
across endpoints, networks, and<br />
emails, integrating with Symantec<br />
Endpoint Protection (SEP), and<br />
Symantec Email <strong>Security</strong> cloud, which<br />
means organizations do not need to<br />
deploy any new endpoint agents.<br />
Symantec says, ATP is the only threat<br />
protection appliance that can work<br />
with all three sensors without requiring<br />
additional endpoint agents. With ATP,<br />
Symantec’s goal is to deliver<br />
end-to-end threat protection,<br />
prevention, detection, and response in<br />
a single pane of glass, offering more<br />
value to businesses than individual<br />
point products can provide. Symantec<br />
Advanced Threat Protection combines<br />
multiple layers of prevention,<br />
detection, and response.<br />
November 2016 26
CodeSealer:<br />
Invisible end-to-end<br />
Web <strong>Security</strong><br />
In the last few years, the rise of mobility and cloud has<br />
changed the human interface with technology. All the<br />
data is being stored in the sky, and customers all over<br />
the world has acquired the technology as it facilitate their<br />
every single act. Anyone can share data in the air and<br />
authorized person at the other corner of the world can<br />
access it in moments. But the presence of data in the cloud<br />
also demands the invincible security. Customers expect the<br />
companies—who invent technology—to close the<br />
loopholes in their own technology and protect them,<br />
customers also expects the legislators—they choose to<br />
govern—to enforce new and stronger regulations for their<br />
protection, but still there is nothing like a story on front of a<br />
newspaper, something than can cause a severe disruption in<br />
the customer’s business.<br />
This forced the <strong>Companies</strong> to invest billions to protect their<br />
own customer’s data and infrastructure, behind the firewall,<br />
but only a few have <strong>success</strong>fully secured their customers<br />
and users in front of the firewall. <strong>The</strong> whole scenario of the<br />
web security can be hence summed into –“Customers<br />
Expects It, Regulators Enforce It, Press Loves It!”<br />
A Company Founded Exclusively to Enhance Web<br />
<strong>Security</strong><br />
According to an authentic market research, about 20,000<br />
new malware versions are introduced daily. 75% of all<br />
devices are stimulated infected, and more than 40% of all<br />
users have been attacked–often without realizing it. Cyber<br />
crime has today surpassed physical theft and while physical<br />
robbery may lead to arrest, cyber cri<strong>min</strong>als ordinarily<br />
continue doing illegitimate acts sitting in a remote area and<br />
in countries where it becomes difficult to prosecute them.<br />
Knowing that “Physically, you can rob one bank at a time;<br />
but sitting on a computer, you can rob <strong>10</strong>0 million bank<br />
users,” cyber crime is at the zenith today.<br />
Realizing the need of the era, Martin Boesgaard, a<br />
well-known name within the IT security industry, founded<br />
CodeSealer in 2011 with the sole motive of <strong>min</strong>imizing<br />
cyber attacks.<br />
CodeSealer: A Trusted Partner in Web Session<br />
Protection<br />
CodeSealer, an international company residing in<br />
Copenhagen, protects its customers against<br />
Man-in-the-Browser and Man-in-the-Middle attacks.<br />
Where other companies protect by installing software on<br />
the device, CodeSealer is completely invisible to the user<br />
and also protects against unknown malicious malware and<br />
on infected devices.<br />
While protection of the customers and their data is<br />
beco<strong>min</strong>g increasingly important, only a few companies<br />
provide security against web attacks. That’s when<br />
CodeSealer becomes the perfect choice for the customers<br />
which provides completely invisible protection.<br />
CodeSealer today holds several patents and where other<br />
solutions use traditional solutions including signatures and<br />
blacklisting, CodeSealer is going another way and today<br />
have what has been identified as a unique solution. <strong>The</strong><br />
solution is deployed on existing platforms and<br />
infrastructure, without any additional hardware, and upon<br />
deployment, all the users get immediately protected.<br />
Highly Acclaimed Products<br />
Today when many companies have spread out their focus,<br />
CodeSealer remain focused on protection of web usage.<br />
CodeSealer offers two products providing full support<br />
against web attacks.<br />
<strong>The</strong>ir product consists of a built-in and dynamic<br />
28<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Tonny Rabjerg<br />
CEO<br />
“We detect and prevent<br />
advanced attacks in online<br />
channels, Secure<br />
online banking, public<br />
& corporate institutions,<br />
and Online Session<br />
<strong>Security</strong><br />
“<br />
boot-loader, which ensures the session<br />
and handling by running obfuscated<br />
JavaScript, setting up session keys and<br />
their own encryption all the way into<br />
the JavaScript engine at the client. <strong>The</strong><br />
Bootloader was first sold more than 3<br />
years ago and today process more than<br />
30 million transactions per day, as part<br />
of a sector wide solution.<br />
<strong>The</strong> browser is protected by<br />
encapsulating the client and constantly<br />
monitoring illegal changes, using<br />
integrity checks. If an attack is seen<br />
CodeSealer aborts the session and<br />
provides notification to the company.<br />
CodeSealer’s solution has a built-in<br />
dashboard, but the flexible solution<br />
also allows integration to the<br />
companies existing SEIM solutions.<br />
Tonny Rabjerg: Highly Motivated<br />
Leader with Vast Experience<br />
Tonny Rabjerg, CEO of CodeSealer<br />
has a broad international leadership<br />
experience within IT. Working for<br />
more than 30 years with application<br />
development and operation within<br />
companies such as SAS, Amadeus,<br />
Star Alliance and Danske Bank, he has<br />
a deep insight in IT Management. In<br />
his latest role, Tonny was responsible<br />
for Creation and Management of<br />
Danske IT and Support Services<br />
Indian, Private Limited, a subsidiary<br />
owned by a large Danish bank,<br />
managing more than 750 IT<br />
consultants and employees. Being<br />
appointed as a CEO of <strong>Security</strong><br />
Ensuring Company, Tonny asserts<br />
“Entering into the security sectors does<br />
not only allows me to use my previous<br />
experience from the IT industry, but<br />
also an opportunity to see our product<br />
grow and gain market position, in a<br />
very interesting and expanding<br />
market.”<br />
Widening the Reach across the<br />
World<br />
While CodeSealer has been a part of<br />
sector solutions for the past 3 years, the<br />
company is now expanding its focus to<br />
new sectors and markets. <strong>The</strong> company<br />
already has partners in Indonesia,<br />
Dubai, Poland and cooperation with<br />
India, Italy, and Brazil and live<br />
customers in Indonesia. <strong>The</strong> firm was<br />
earlier focused on banks, but recently<br />
widened the focus to cloud solutions,<br />
such as HR and Financial systems,<br />
CRM and public sector, “Our solution<br />
isn’t specific to a sector as long as it is<br />
an online version using a web<br />
browser,” says Tonny.<br />
<strong>Growing</strong> With Unique <strong>Solution</strong>s<br />
CodeSealer has invested more than 50<br />
years of development in its solution<br />
and today has a structured organization<br />
meeting requirements for an innovative<br />
solution and the highest of the quality<br />
in their solution. CodeSealers’ solution<br />
remains unique in the industry as<br />
it protects its end-users from the<br />
invisible - a key element in the<br />
solution. Along with the protection<br />
against unknown malware it increases<br />
the user acceptance and reduce the<br />
maintenance, and hence being accepted<br />
and acknowledged by the large<br />
spectrum of the industry.<br />
November 2016 29
MegaPath:<br />
Single Source for Cloud Communications<br />
and Managed Networks<br />
<strong>The</strong>re comes a point when every organization must<br />
make a decision about its network management. It<br />
becomes important for a business to consider<br />
managed network solutions when the business connects<br />
multiple offices, stores, or sites; or is growing their business<br />
beyond the capacity of existing access lines. <strong>Companies</strong><br />
also feel the need for network management if they strive to<br />
provide secure connectivity to mobile and remote<br />
employees, if they could produce cost savings by<br />
integrating voice and data traffic or they are preparing for<br />
more traffic from video and other high bandwidth<br />
applications. Beco<strong>min</strong>g more difficult to manage and ensure<br />
performance and security, especially given limited staff and<br />
budget resources, also generates the need for a managed<br />
network solution.<br />
Whenever a situation mentioned above or similar condition<br />
provokes businesses, they try to search for a leading<br />
provider of secure access and managed network solutions,<br />
like MegaPath. MegaPath combines the best broadband<br />
connectivity, voice, VPN, cloud, and security technologies<br />
with unmatched network design, deployment, monitoring,<br />
management, reporting, and support capabilities.<br />
MegaPath’s managed network services reduce the cost and<br />
complexity of securely connecting remote sites and users to<br />
their network while providing a single point of contact for<br />
network operations and management.<br />
High Spectrum Services Offered<br />
MegaPath has a long history of adopting best-of-breed<br />
solutions to secure their customers’ data and networks,<br />
including MPLS, IPsec and SSL for businesses of all sizes<br />
and across various verticals.<br />
Currently, MegaPath is focusing its network and security on<br />
SD-WAN, or Software-Defined Wide Area Networking<br />
(SD-WAN), which has gained mass popularity because it’s<br />
easy to deploy and manage, and it’s much less expensive to<br />
deploy than traditional WANs. MegaPath’s SD-WAN<br />
feature set includes: IPsec – full-mesh or hub-spoke<br />
topologies and routing policies, updated in a central<br />
fashion. Dual-WAN Uplinks – aggregates all WAN<br />
connections to distribute traffic over multiple pathways with<br />
built-in load balancing and auto-failover. Real-time Voice<br />
Failover – prioritizes VoIP traffic and routes calls over the<br />
cleanest ISP connection to eli<strong>min</strong>ate dropped calls, choppy<br />
sound quality and echoes. Bi-directional QoS – optimizes<br />
bandwidth in both directions for optimal application<br />
performance. Application Performance Monitoring –<br />
Assesses the performance of critical applications with the<br />
ability to alert IT staff. Centralized Monitoring and<br />
Management – Simplifies the deployment and management<br />
of branch-office WANs. Managed Firewall – leverages<br />
CPE appliances and central management, to act as the first<br />
line of defense against intrusions and other network threats.<br />
Unified Threat Management – provides comprehensive,<br />
multi-layered security that safeguards a business’s network<br />
and information assets against viruses, malware, and<br />
emerging cyber threats.<br />
Along with the above services, MegaPath provides<br />
Managed WiFi, which includes the design, configuration,<br />
installation, monitoring, and management of a business’s<br />
secure wireless network. <strong>The</strong> solution provides full<br />
separation of guest and corporate access, thereby securing<br />
corporate data from unauthorized public users. <strong>The</strong> solution<br />
also supports Active Directory integration allowing<br />
identity-based firewall security, providing more flexibility<br />
to enforce policies based on user and group identities and<br />
the point of access.<br />
MegaPath provides managed solutions for Small &<br />
Medium Businesses and Enterprise Businesses. <strong>The</strong><br />
company provides solutions for various industries like<br />
Healthcare, Insurance, Finance, Restaurant and Retail.<br />
Driving Force behind MegaPath<br />
D. Craig Young, Chairman and CEO of MegaPath has<br />
over 30 years of experience in the telecom and data<br />
communications industry. Since joining MegaPath in July<br />
2004, his primary focus has been to create a world class<br />
30<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
D. Craig Young<br />
Chairman and CEO<br />
“<br />
Reliable technology<br />
services and support from<br />
MegaPath help you keep<br />
your business up and<br />
running smoothly so you<br />
can deliver great service<br />
to your customers<br />
“<br />
managed IP services company that<br />
provides businesses the ability to easily<br />
and securely communicate between<br />
their headquarters, employees and<br />
business partners. Craig has driven the<br />
company’s growth by relentlessly<br />
focusing on improvements to the<br />
customer experience, ranging from the<br />
products and services offered to the<br />
solution design, installation and<br />
support processes that best benefit the<br />
customers MegaPath serves.<br />
Evolving with the Evolving<br />
Technology<br />
Since its inception in 1996, MegaPath<br />
has had a clear mission to provide the<br />
best technology solutions to businesses<br />
nationwide. <strong>The</strong>y became a VoIP<br />
trailblazer before Internet telephony<br />
became a widely used and understood<br />
concept in the business world. <strong>The</strong>y<br />
have evolved over the years due to<br />
growing and changing needs in the<br />
marketplace. Today, MegaPath is an<br />
all-in-one managed network and<br />
security services, UCaaS, Internet and<br />
cloud IT services provider. <strong>The</strong>y are<br />
hyper-focused on delivering<br />
next-generation networking and cloud<br />
services. In addition to their broad<br />
portfolio of managed network and<br />
security solutions, they continue to<br />
offer one of the most expansive<br />
portfolios of nationwide business-class<br />
connectivity—including cable, copper,<br />
fiber and wireless—as well as<br />
cloud-based offerings including UCaaS<br />
and Cloud IT services.<br />
Unlike most of other communication<br />
service providers, MegaPath provides a<br />
unique combination of core services<br />
nationwide: Network / Internet access<br />
type diversity (e.g. wireless,<br />
broadband, T1, fiber), allowing their<br />
customers to serve all their locations<br />
based on their business needs and<br />
budget at each location; Fullyintegrated<br />
security and threat<br />
management services, leveraging bestof-class<br />
technology vendors; and<br />
Wide-scale SD-WAN capabilities, to<br />
leverage diverse access types while<br />
still maintaining application<br />
performance and data security.<br />
Winning the Clients<br />
Businesses are approaching MegaPath<br />
to resolve their multiple<br />
issues – including controlling costs,<br />
increasing security, simplifying IT,<br />
supporting bring your own device<br />
(BYOD), refreshing outdated<br />
technology, and supporting mobility.<br />
MegaPath’s customers value them as a<br />
one-stop, full-service provider that<br />
delivers the quality and reliable<br />
solutions that simplify the way they do<br />
business – from improving<br />
collaboration and employee<br />
productivity to alleviating the in-house<br />
burden of network and security<br />
management.<br />
For 20 years, businesses have trusted<br />
MegaPath as their single source for<br />
cloud communications and<br />
connectivity.<br />
MegaPath guarantees its reliable<br />
technology services that help its clients<br />
keep their businesses up and running<br />
smoothly so they can deliver great<br />
service to their own customers.<br />
MegaPath assures customer<br />
satisfaction with Industry-Leading<br />
Service Level Agreements, Networking<br />
Performance Monitoring and 24/7/365<br />
Support.<br />
November 2016 31
Features<br />
Why Protecting Your Business from<br />
Cyber Attacks is no Longer Optional?<br />
e live in a growingly networked world,<br />
Wincluding personal banking to government<br />
infrastructure. <strong>The</strong> world has been more<br />
connected than ever with the network of information, while<br />
information has been an essential resource for all businesses<br />
and is the key to the growth and <strong>success</strong>.<br />
Making sure that companies have implemented security<br />
strategies to protect from cyber breaches is vitally<br />
important. <strong>The</strong> <strong>success</strong> of the businesses can be in jeopardy<br />
if enterprise security tactics are not involved in the business<br />
model.<br />
<strong>The</strong> cyber risk is now considered at the top of the<br />
international listing as high profile breaches increase fear of<br />
endangering the business economy and subsequently global<br />
too. <strong>The</strong> cyber crime costs USD 400 billion to the global<br />
economy, according to a report.<br />
and also conventional efforts to shut down the systems and<br />
infrastructure.<br />
Only a few of the biggest cyber crimes get caught while<br />
many go untraced. A significant number of cyber crimes go<br />
undetected, considering industrial espionage where access<br />
to confidential data and documents of difficult to identify. A<br />
possible danger with this kind of breach is that companies<br />
might be at a disadvantage with trades for months or even<br />
years.<br />
<strong>The</strong> migration of data to third party cloud providers has<br />
created a concentration of data in one place and thus, more<br />
opportunity for cyber cri<strong>min</strong>als to create large damage in a<br />
single attack. <strong>The</strong> development of IoT that enables a<br />
machine to machine communication has also raised the<br />
possibility of appliances being manipulated by the cyber<br />
hackers.<br />
Over 3,000 companies in the United States had<br />
compromised their systems in 2013 alone, and the number<br />
only included the companies that reported the breaches.<br />
While many companies avoid reporting the crimes keeping<br />
in <strong>min</strong>d the reputation of the company.<br />
Many of the breaches targeted high profile US retailers<br />
\and Home Depot and stole customer data and credit card<br />
information, while other companies lost money from<br />
accounts, and in some cases, cri<strong>min</strong>als even took over the<br />
companies and demanded money to unlock them.<br />
<strong>The</strong> cyber attacks are mainly categorized into-breaches in<br />
data security and sabotage. Personal data, trade secrets,<br />
intellectual property, prices and mergers, and bids related<br />
information fall in data security breach. Sabotage contains<br />
service attacks that flood web services with fake messages,<br />
32<br />
Despite the best efforts of cyber security experts and<br />
government agencies, cyber crimes are likely to increase.<br />
<strong>The</strong> expanding number of availability of online services and<br />
the increasing sophistication of cyber cri<strong>min</strong>als who want to<br />
play cat and mouse game with the security experts.<br />
Today, 90 percent of companies are insufficiently prepared<br />
to protect their systems against cyber attacks globally.<br />
While the world is beco<strong>min</strong>g more connected through a<br />
network of information, the protection of business systems<br />
from cyber crimes will be the main issue to tackle for many<br />
unprepared companies.<br />
An implementation of a framework with a set of standards<br />
and best practices designed from an input of thousands of<br />
security experts will be the only way to protect and secure<br />
the businesses from cyber attacks.<br />
November 2016
CXO Standpaoint<br />
Technology and Network Convergence:<br />
Forging a Path to Smart Grid,<br />
Smart Cities and Internet of Things<br />
n North America, utilities have<br />
Iinstalled nearly 70 million smart<br />
meters over the last decade. This<br />
technology investment has delivered<br />
tangible value to both utilities and<br />
consumers. But utilities have yet to<br />
realize the full potential of this<br />
platform and the value of the data these<br />
systems generate. This is primarily<br />
due to common challenges that utilities<br />
as well as technology providers have<br />
struggled with:<br />
• Smart meters are viewed mainly as a<br />
cash registers and instruments of<br />
customer billing rather than as<br />
sophisticated sensors that provide a<br />
rich source of data and insight to<br />
improve grid operations.<br />
• For the most part, smart metering<br />
systems have been deployed in<br />
technology “silos,” meaning they run<br />
on purpose-built, largely proprietary<br />
networks that were designed for meter<br />
reading rather than on a standardsbased,<br />
multi-application IP-platform.<br />
• <strong>The</strong>se systems have created a<br />
relative tsunami of new data-more<br />
frequent and detailed usage data, event<br />
data from power outages and voltage<br />
anomalies and meter tamper alerts-data<br />
that utilities are struggling to manage<br />
and create new business value from.<br />
• More than smart meters, the term<br />
“smart grid” implies grid devices,<br />
34<br />
November 2016<br />
Jeff Carkhuff<br />
VP<br />
Itron
CXO Standpaoint<br />
assets and data interacting in real time and with less human<br />
intervention to respond to changing grid conditions. This<br />
degree of interoperability and automation has been elusive<br />
or cost-prohibitive thus far for the low-voltage level of the<br />
network.<br />
·<br />
Most of these challenges are technology-centered, while<br />
some are cultural and organizational, but the upside is that<br />
these challenges are being solved. Information technology<br />
and operational technology are converging rapidly in the<br />
utility and energy space to create a new strategic and<br />
operational reality. This comes none too soon in light of<br />
significant business challenges utilities worldwide are<br />
facing as well as the economic and environmental<br />
challenges we all face.<br />
Led by companies such as Cisco and Itron, a growing<br />
ecosystem of smart grid technology providers have<br />
collaborated to evolve network architecture so that utility<br />
field area networks look and behave much more like<br />
enterprise IT networks. <strong>Solution</strong> providers are also<br />
introducing more distributed intelligence to grid operations<br />
that enable grid assets and devices that are currently<br />
“siloed” to work in concert with one another. In addition,<br />
the available value stream of this network infrastructure<br />
investment is broadening by connecting to emerging<br />
markets and applications such as smart cities and the<br />
Internet of Things (IoT).<br />
<strong>The</strong> heavy lifting really began four years ago when Itron<br />
and Cisco announced an agreement to work together to<br />
re-architect Itron’s widely-deployed OpenWay smart grid<br />
network to IPv6 architecture from Cisco. This joint<br />
development effort, undertaken by the industry leaders in<br />
utility automation and networking, was a watershed effort<br />
in the industry. <strong>The</strong> smart metering network became a<br />
multi-application smart grid and smart city network,<br />
broadening significantly its usefulness and value. A growing<br />
ecosystem of leading smart grid technology providers can<br />
now build to a common reference architecture through the<br />
Connected Grid Cisco Developer Network to accelerate<br />
adoption and spark innovation.<br />
But standards-based, multi-application network architecture<br />
by itself was not enough to address all those challenges.<br />
Itron believes that for the smart grid to deliver on its<br />
promised value, data analysis and action must take place<br />
where it makes most sense–increasingly at the edge of the<br />
network rather than in the utility back office. That’s the<br />
whole idea behind ITRON RIVA, a new distributed<br />
intelligence and advanced communication platform the<br />
company launched this fall.<br />
Distributing intelligence across the network allows us to<br />
economically solve utility problems that couldn’t be<br />
feasibly solved before, greatly increasing the value and<br />
timeliness of smart grid analytic applications as well as the<br />
utilization of network capacity. Specifically, these<br />
development efforts yield a new and common set of<br />
technology attributes for meters, grid sensors and other<br />
types of intelligent devices, whether they come from Itron<br />
or third-party partners who embed the technology or build<br />
to the standard.<br />
35<br />
November 2016
• Locational awareness: For the first time, smart meters<br />
and grid devices know where they are in relation to other<br />
grid assets (feeders, phases, substations, transformers,<br />
distributed generation, other meters, etc.). This “selfawareness”<br />
opens up an entirely new approach to smart grid<br />
use cases and applications.<br />
• “Multilingual” devices: A unified software platform<br />
supports multiple communication/application protocols,<br />
allowing a single meter or grid device to simultaneously<br />
speak the language of distribution automation, load control<br />
and smart metering. This enables highly localized<br />
communication and action among diverse devices, assets<br />
and grid control systems to respond to changing conditions<br />
at the edge of the network.<br />
• Edge processing power: Thanks to Moore’s Law, Itron is<br />
embedding the computing equivalent of a recent generation<br />
smart phone in high-volume meters and grid devices to<br />
enable advanced communications, data processing and<br />
analysis in the edge device.<br />
Standpaoint, ,CXO<br />
“Led by<br />
companies<br />
such as Cisco and Itron,<br />
a growing ecosystem of<br />
smart grid technology<br />
providers have collaborated<br />
to evolve network<br />
architecture so that<br />
utility eld area networks<br />
look and behave much more<br />
like enterprise<br />
IT networks”<br />
,,<br />
Jeff Carkhuff<br />
<strong>The</strong> ability for edge devices to know exactly where they<br />
are, process and analyze data independently and<br />
communicate with other types of devices creates many new<br />
possibilities for improving the accuracy, resolution and<br />
timeliness of analytic applications. A clear opportunity<br />
exists to deliver new business value in areas such as<br />
localized demand response/load control, asset monitoring<br />
and management, outage detection and response,<br />
renewables integration and diversion detection. This<br />
approach allows utilities to put intelligence where it makes<br />
the most sense, whether that’s in the edge device, the field<br />
area network itself or at the enterprise level, meaning<br />
analytics no longer must always take place in the back<br />
office where “tomorrow” or “next week” is no longer good<br />
enough.<br />
Perhaps most interestingly, the Itron Riva distributed<br />
intelligence platform has enabled Itron to revolutionize grid<br />
communications. Known as adaptive communications<br />
technology, this capability incorporates multiple<br />
communications media-RF Mesh, Wi-Fi and Power Line<br />
Carrier-on the same chipset, working in concert to solve<br />
key network performance and connectivity challenges.<br />
Running on the OpenWay smart grid network, adaptive<br />
communications technology always utilizes the fastest and<br />
most reliable communication path for every message and<br />
every link based on location, network operating conditions<br />
and the nature of the application or data. This is true<br />
whether communicating with an office application or<br />
another device on the grid.<br />
This makes deployment of network infrastructure easier,<br />
faster and less costly, while offering a single<br />
communications solution for both dense and difficult urban<br />
environments as well as lower-density areas. Adaptive<br />
communications technology flattens the cost curve during<br />
the latter stages of network deployment when the “hard-toreach”<br />
devices and areas must be addressed. In other words,<br />
it provides a network that continuously self-optimizes based<br />
on geography, topology, operating conditions and business<br />
requirements.<br />
Together, these developments mean that many utilities<br />
throughout the world are in a good position to leverage<br />
these recent and significant advancements in network<br />
architecture, edge intelligence and analytics as they<br />
implement their grid modernization strategies and connect<br />
to broader opportunities such as smart cities and IoT.<br />
<strong>The</strong>re is absolutely no doubt that the convergence of<br />
information technology and operational technology in the<br />
global utility industry will continue and accelerate, and that<br />
technology advancement will continue to outpace the asset<br />
lifecycle paradigm utilities have so long operated within.<br />
Nevertheless, thresholds are reached that warrant a shift in<br />
thinking about how to approach and solve problems. For<br />
tomorrow’s grid, that time is now.<br />
November 2016 36
Nanotech <strong>Security</strong>:<br />
Leader in Anti-Counterfeiting with<br />
Advanced Authentication Products<br />
Counterfeiting is estimated to be a $650 billion<br />
global market that is predicted to swell to over $1<br />
trillion by 2017. To combat fraud, authentication<br />
technology needs to continually stay ahead of<br />
counterfeiters. And that’s what Nanotech <strong>Security</strong> is known<br />
for all around the globe.<br />
Nanotech <strong>Security</strong> is a leading innovator in nano-optic<br />
image technologies for use in anti-counterfeiting<br />
applications. <strong>The</strong> company’s technology counters<br />
ever-evolving threats from modern scanning, photocopying<br />
or photography based counterfeiting techniques.<br />
Nanotech operates through two segments: Optics and<br />
Tactical. <strong>The</strong> Optics segment provides nano-optics and<br />
optical thin film for use in anti-counterfeiting and<br />
authentication processes and products, including currency,<br />
legal documents and commercial products. <strong>The</strong> Tactical<br />
segment designs and sells surveillance and intelligence<br />
gathering equipment for the law enforcement and defense<br />
industries in the United States and Canada.<br />
<strong>The</strong> company is working to enhance security for banknotes,<br />
but also authenticates other potential commercial<br />
applications that includes, legal documents, designer<br />
merchandise, concert tickets, tax-paid stamps, medical &<br />
credit cards, government documents, passports, and<br />
pharmaceuticals.<br />
Integrated Technology Authenticating <strong>Security</strong> and<br />
Branding Images<br />
®<br />
Nanotech’s KolourOptik technology, inspired by a unique<br />
structure found on the wings of the brilliant Blue Morpho<br />
butterfly, creates ease to authenticate security and branding<br />
images through a unique interaction and manipulation of<br />
natural light with a grid of nano-sized indentations.<br />
Nanotech uses patented algorithms coupled with electron<br />
and ion beam technology to embed hundreds of millions of<br />
nano-indentations into a master stamp to create this<br />
technology. <strong>The</strong> technology can be then used to secure and<br />
authenticate products of almost any kind.<br />
®<br />
KolourOptik technology is one of the first nano-optic<br />
technologies to seamlessly integrate into the commercial<br />
manufacturing process; meaning that organizations looking<br />
to add an advanced authentication feature to their products<br />
won’t have to invest significant resources to update<br />
manufacturing. Every KolourOptik image is unique,<br />
because the mastering process involves the most advanced<br />
nano-optic technology. This makes the image exclusive and<br />
matchless, and nearly impossible to replicate with other<br />
technology.<br />
In addition to its nano-optic technology, Nanotech also<br />
produces optical thin film, which offers a high security<br />
device with nano-meter thick layers designed to have<br />
precise color replay depending on the angle of view. This<br />
color-shifting film has been the standard for document<br />
security for over two decades because it is very difficult to<br />
reproduce or simulate, yet it is very simple to use.<br />
An Innovative Leader Showing the Way<br />
Doug Blakeway, CEO of Nanotech, is a lifelong<br />
entrepreneur, having launched and profitably sold a number<br />
of businesses since the beginning of his career as a<br />
draftsman in 1966. In addition to having an unwavering<br />
deter<strong>min</strong>ation and commitment to all his projects, his<br />
<strong>success</strong> can be attributed to independent, innovative<br />
38<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Doug Blakeway<br />
CEO<br />
“We take care of<br />
your <strong>Security</strong>, so<br />
you can take<br />
care of your<br />
businesses<br />
“<br />
thinking, creative deal-making, and an<br />
ability to dream big. He is the inventor<br />
of over <strong>10</strong> patents.<br />
Doug has drawn loyal, smart people to<br />
him by helping others realize their<br />
dreams. Doug is a lifelong learner who<br />
believes in learning something new<br />
every day. In a few short years, he has<br />
turned Nanotech from a small business<br />
into a <strong>success</strong>, purchasing one of its<br />
larger competitors, Fortress Optical<br />
Features.<br />
Serving All Kinds of Clients<br />
Nanotech’s clients appreciate their<br />
great user interaction to help them<br />
understand and realize the value of this<br />
new ‘game changing’ technology. <strong>The</strong><br />
clients usually can be divided into<br />
three groups:<br />
<strong>The</strong> first group is environmental, where<br />
the client appreciates the great benefits<br />
of the technology by not using inks,<br />
pigment or dyes composing the color<br />
used in the products. This turns out to<br />
be a huge benefit in case of embedded<br />
indentations creating the color in the<br />
items, such as blue jeans where the<br />
material is made by using color dyes<br />
and the pollutants of those color dyes<br />
are injected into the rivers and oceans.<br />
<strong>The</strong> next group Nanotech serves is<br />
authentication types, which generally<br />
comments on how unique the<br />
technology is and how they like being<br />
able to incorporate the design directly<br />
onto any material with an ease to see<br />
the bright images, where even<br />
animation or motion can be<br />
incorporated into the authentication of<br />
design. Motion or animation of the<br />
image brings a whole new dimension<br />
to authentication, especially in case of<br />
securing documents as it is almost<br />
impossible to copy or imitate.<br />
<strong>The</strong> third group is branding that<br />
always focuses on the ability to<br />
combine colors to make flesh tones as<br />
well as black and white that are not<br />
available to them today. With<br />
Nanotech’s services, they can now<br />
create a full portrait image in bright<br />
LED- like colors combined with long<br />
range viewing where one can see the<br />
image from across the table or even<br />
across the street. This allows the<br />
design to be very creative,<br />
incorporating brand recognition<br />
with authentication.<br />
Gaining Confidence of Investors<br />
and Industry<br />
“One of the challenges of being in the<br />
field of anti-counterfeiting solutions<br />
for banknotes is the necessity for<br />
absolute client confidentiality. <strong>The</strong><br />
difficulties this condition has<br />
presented to expanding the company<br />
in a public company environment,<br />
where all investors want to know the<br />
details of all contracts the company<br />
has secured, are considerable,” asserts<br />
Doug on challenges one can face in<br />
this industry. Despite this Nanotech<br />
has gained the confidence of the<br />
industry and investors, winning<br />
top ten banknote-issuing authorities<br />
as clients, without publicly na<strong>min</strong>g<br />
any of them.<br />
November 2016 39
Trianz:<br />
Execution Driven<br />
<strong>Security</strong> Firm<br />
As little as a decade ago, the primary focus of<br />
information security and application security was<br />
to assure the security of the data center and thereby<br />
protect corporate assets from threats. Today, the practice of<br />
information security has evolved into a board level<br />
imperative that has to both account for and provide<br />
assurance that all manner of information and assets,<br />
including people and applications, are protected from<br />
threat.<br />
CISOs and the entire C-suite are faced with the challenges<br />
of securing an ever-expanding set of assets encompassed in<br />
private, public and hybrid architectures, provided by<br />
multiple applications, data sources and a growing set of<br />
endpoints and users, and managed in alignment with a<br />
slowly evolving and increasingly complex global regulatory<br />
landscape.<br />
Knowing that Information security strategies must innovate<br />
and mature to become inclusive of people assets as well as<br />
application and data assets and account for a broader set of<br />
technologies and ways of working with internal and third<br />
party resources; Trianz was founded to help leaders in client<br />
organizations, formulate and execute operational strategies<br />
to achieve business results from a senior management<br />
perspective.<br />
A Company Enabling Strategic Execution<br />
Trianz is a dynamic and fast growing firm that helps leaders<br />
in client organizations formulate and execute operational<br />
strategies to achieve business results from a senior<br />
management perspective. Leveraging the Cloud, Analytics,<br />
Digital, and <strong>Security</strong> paradigms, Trianz brings the best of<br />
consulting and technology experiences, execution models<br />
and IP to deliver consistent <strong>success</strong> to clients.<br />
Enabling clients to implement, govern and operate an<br />
information security culture from within is the purpose of<br />
the <strong>Security</strong> Practice at Trianz. <strong>The</strong>ir practice is designed to<br />
help clients implement strategic information security<br />
solutions that address foundational and organizational<br />
business processes while executing typical information<br />
security, risk management, and assurance services. Trianz<br />
have assembled an experienced security practice team with<br />
exceptional execution capabilities in assessments,<br />
architectures, implementation, analytics and operations.<br />
A Leader Driven by Innovation<br />
Chris Mullaney—a multi-talented executive with 20+<br />
years at Microsoft, with an outstanding record of leadership<br />
spanning a wide array of roles in global information<br />
security, regulatory compliance, risk management, antitrust<br />
compliance and program management-recently joined<br />
Trianz as Practice Head—Information <strong>Security</strong>.<br />
As a Head of information security practice at Trianz, Chris<br />
strengthens its existing information security framework and<br />
bring in global best practices to build a world-class<br />
information security practice at Trianz.<br />
C-Suite Responsibilities Today<br />
This innovation maturity strategy is at the heart of Trianz’<br />
approach to information security. <strong>The</strong> goal of business is to<br />
enable: enable clients to do great things with the products<br />
and services they offer; enable employees to innovate and<br />
provide great support to customers; and enable third parties<br />
to securely provide innovative, new products and services<br />
in support of their clients’ businesses.<br />
To secure the environment against threats, many businesses<br />
are focused on developing information security programs<br />
40<br />
November 2016
<strong>The</strong> <strong>10</strong><br />
<strong>Fastest</strong> <strong>Growing</strong><br />
<strong>Security</strong><br />
<strong>Solution</strong> <strong>Provider</strong><br />
<strong>Companies</strong><br />
Chris Mullaney<br />
Practice Head<br />
Information <strong>Security</strong><br />
“We bring business &<br />
technology perspectives<br />
and experience under<br />
one continuum to help<br />
clients achieve results from<br />
a top management<br />
perspective<br />
“<br />
that eli<strong>min</strong>ate threats by disabling their<br />
employees — eli<strong>min</strong>ating access<br />
points, restricting device usage,<br />
limiting application development and<br />
deployment, limiting or denying third<br />
party services in support of business<br />
programs. This practice has the impact<br />
of providing greater security for assets<br />
-if you can’t get to the information, it is<br />
secure by default. However, it also sets<br />
up an organizational “Culture of No.”<br />
<strong>The</strong> Culture of No is a clear deterrent<br />
to innovation which is a death knell for<br />
any business. Because the business<br />
imperative is to grow-to improve<br />
products and services, to improve<br />
experiences for customers — the<br />
Culture of No is an effective security<br />
program only as long as employees<br />
don’t find ways around the controls so<br />
they can do their job and innovate.<br />
Typical <strong>Security</strong> Practice<br />
Trianz’ security consulting services are<br />
focused on helping clients foster the<br />
Culture of Yes and the team is<br />
<strong>success</strong>fully making it true. Whether<br />
Trianz is engaged in assessing client’s<br />
readiness for a particular audit,<br />
standard, regulation or certification or<br />
working with them to implement a<br />
governance program that includes<br />
implementation of a secure operations<br />
center using a DevOps support model,<br />
the team focuses on helping their<br />
clients develop their own Culture of<br />
Yes for information security. This<br />
process starts with understanding the<br />
clients’ business goals and objectives,<br />
current security posture, risk analysis,<br />
risk management profile, architectures<br />
supported and technology strategy. It<br />
includes evaluating each of these areas<br />
for blockers to <strong>success</strong> in<br />
implementation, governance or<br />
organizational policy/structure,<br />
technology choices and<br />
regulatory-audit-compliance<br />
landscape. Next, in concert with the<br />
client, they envision the Culture of Yes<br />
for their information security program<br />
while leveraging guidelines,<br />
techniques, and technologies that<br />
support the overall security<br />
engagement.<br />
Trianz <strong>Security</strong> is mainly focused on<br />
practice areas that includes<br />
assessments, architectures,<br />
implementation, operations, and<br />
analytics.<br />
Measuring Success Completely in<br />
Client Term<br />
With offices in Silicon Valley,<br />
Washington DC Metro, New York,<br />
Dubai, Bengaluru, Mumbai, Delhi<br />
NCR, Chennai and Hyderabad, Trianz<br />
serve a wide range of clients from<br />
Fortune <strong>10</strong>00 to emerging companies<br />
in high tech, insurance, financial<br />
services, retail, manufacturing, life<br />
sciences, public sector and logistics<br />
industries. Over the past decade, Trianz<br />
has developed a reputation for<br />
excellence in execution, enabling<br />
global organizations to achieve results<br />
envisioned by their senior<br />
management. Trianz measures <strong>success</strong><br />
completely in client terms-the impact<br />
created through business execution.<br />
November 2016 41
CXO Standpaoint<br />
Business Applications<br />
for VIRTUAL<br />
and MIXED REALITY<br />
irtual and Mixed Reality<br />
Vtechnologies are stirring up<br />
quite a bit of excitement these<br />
days. Many investment firms and<br />
analysts say that Virtual Reality is the<br />
next big tech revolution after mobile,<br />
and predictions for the industry’s<br />
growth ranges from $70B to $150B by<br />
2020.<br />
Virtual Reality (VR) refers to a<br />
completely immersed experience<br />
where you can’t see or interact with the<br />
world around you. It typically doesn’t<br />
let you interact with others, though<br />
some social experiences are now being<br />
developed for VR. Mixed Reality<br />
(MR) are experiences that let you place<br />
virtual content on top of the real world<br />
and interact with it as though it were a<br />
tangible object, creating a blend of the<br />
physical and digital world.<br />
Adam Sheppard<br />
Co-founder & CEO<br />
8 ninths<br />
Traditionally, the development of these<br />
technologies has been driven by<br />
military and training applications.<br />
More recently, VR and MR is gaining<br />
attention from various industries and it<br />
is an exciting time for companies and<br />
organizations that are looking for an<br />
opportunity to translate business<br />
42<br />
November 2016
CXO Standpaoint<br />
solutions into an immersive media format. New<br />
applications are surfacing across an array of verticals:<br />
Healthcare: Today, doctors often carry paperwork and<br />
consult charts in order to assess their patients. With MR,<br />
physicians and nurses could access this information<br />
digitally and hands-free, allowing them to share it with<br />
fellow staff or even consult doctors across the country.<br />
Education: With VR, complex systems could be visualized<br />
in three dimensions. Teachers can use virtual displays to<br />
show students how blood flows through the heart or take<br />
students on a field trip to a South American rainforest. VR<br />
could also allow realistic, complex training simulations that<br />
take <strong>min</strong>imal resources to create.<br />
Engineering: <strong>The</strong>re are numerous potential applications for<br />
MR and VR in engineering, especially with remote<br />
collaboration. Oil rigs, for example, require constant<br />
monitoring, but it’s not always possible to assign expert<br />
technicians to every location. Equipped with an MR<br />
headset, a maintenance worker could be instructed by<br />
someone on the other side of the world to conduct repairs<br />
properly. Architectural and design projects could also<br />
benefit from MR where multiple people could manipulate<br />
and shape objects within a shared environment.<br />
As new technologies, VR and MR require a different<br />
approach. For any company who wishes to incorporate<br />
these new technologies into their processes, the following<br />
considerations are important to keep in <strong>min</strong>d:<br />
Comfort and Safety<br />
Most VR platforms require you to wear something on your<br />
face. This is a very intimate way to connect to technology<br />
compared to what most people are used to, which is a<br />
screen they can keep at a distance. Thus, ensuring a<br />
comfortable, enjoyable VR experience is important for your<br />
comfort and safety.<br />
VR and MR Do Not Replace Existing Workflows<br />
It can be tempting to consider VR a quick solution to<br />
problem solving. However, it’s important to remember that<br />
VR and MR are not about replacing existing workflows, but<br />
enhancing them. <strong>Companies</strong> should carefully consider their<br />
workflows and identify where MR or VR can be added as a<br />
discrete, important part of the workflow.<br />
Choosing the Right Agency to Work With<br />
Designing for VR and MR is not a simple task. It’s unlike<br />
any other popular software design from the last 20-30 years<br />
and requires an unusual skillset. Designers must think about<br />
the logistics of creating a 3D object; adding different<br />
behaviors and interactions to it that match people’s<br />
expectations of how the object would behave in the real<br />
world; and finally adding in digital properties such as the<br />
ability to resize, annotate, and transform it. In this<br />
environment, drawing on a combination of skills in ga<strong>min</strong>g<br />
and cinema are key in conjunction with the ability to apply<br />
these skillsets to enterprise business problem solving.<br />
Right now people are focused on moving from web to<br />
mobile, but the big question is whether VR technology will<br />
become as commonplace as smartphones. Broader adoption<br />
will probably come in the next three to five years, driven<br />
primarily by the entertainment and media landscape. This<br />
means that finding ways to effectively integrate VR and AR<br />
into a business and operations context will require creativity<br />
to design solutions and a willingness to experiment.<br />
VR represents a real opportunity to improve the quality of<br />
human experience in two ways. First, integrating it into<br />
highly visual and hands-on remote collaboration processes<br />
can be a multiplier for human productivity. It can remove<br />
the need to be physically present, but offers more direct<br />
interactivity than teleconferencing or email. By improving<br />
the efficiency of communicating information, it can reduce<br />
time spent on extraneous workflow and processes.<br />
Second, VR and MR can be used to help people understand<br />
complex data in an intuitive way. Imagine if FedEx could<br />
visualize all of its operations around the world, and how<br />
quickly they could identify areas for improvement for<br />
transportation and logistics.<br />
This is only the tip of the iceberg as far as Virtual and<br />
Mixed Reality is concerned. Over the next few years, VR<br />
and MR will continue to evolve, changing the landscape of<br />
digital media as it finds its way into the hands of more and<br />
more users. To remain innovative and relevant to their<br />
consumers, companies should pay close attention to this<br />
space and begin exploring its potential to benefit their<br />
business today.<br />
November 2016 43