‘Nigeria should take cyber security challenges seriously’
Andrew Vogues is the Threat Prevention Sales Leader, Middle East & Africa, CheckPoint, a multinational provider of software and combined hardware and software products for IT security. He spoke with OLUWATOSIN AREO on the need for adequate cyber security prevention in the country.
Cyber security is the buzzword around the world because of the devastating attacks. I don’t know if you can share with us an overview of what Checkpoint is doing in that space?
This is a very wide question. Cyber security is on the up-rise and it has been for the last few years. What we focus on at Checkpoint is prevention, particularly from a cyber security perspective. Traditional security was only at the perimeter. If you look at the different generations of cyber security, generation 1 was the anti-virus, which was in the mid-90s; 100 per cent of customers globally have some sort of antivirus. Next is generation 2, which is the internet coming into the perimeter; that was the firewalls and gateways, and also globally, 100 per cent of customers have some sort of protection around that. Generation three deals with applications, which is Intrusion Prevention System (IPS) type of attacks, and globally we have seen about 7-15 per cent of customers using IPS. So there is still a lack of security with regards to applications and how to protect applications. In generation 4, we are dealing with attacks that are evasive and polymorphic. With our solutions, you can actually take a file, put it in the sandbox and inspect the elements of the file, and determine if they are malicious or not. Again, seven per cent of customers are using sandboxes today. So there is a big gap with regards to how customers actually secure their current environment. If you look at the various endpoints – mobile, network, cloud, and surfaces, we can contain all attacks on these fronts. At Checkpoint, we have got the Infinity Architecture, which means we can offer the same multilayered security architecture plus all of those services which prevent against all those attacks.
The nature of attacks differs from economy to economy, depending on what the attackers are looking for. Can you share how you synergize solutions to ensure that whatever issue arises here can be resolved as well as in any other economy the issue may arise?
Infinity Architecture means that you get the multilayered security approach. If it is an email, an official link, these are different victims and it differs from region to region. But the solutions we provide from the Infinity perspective allow for all of that protection across the board – different surfaces, different victims – so we protect against all of that. For email region for instance, you get phishing campaigns and you just want to protect against that; that is a point solution and we do not believe in point solutions. Security is a holistic approach; we have to look at the holistic view of security – what is happening at the endpoint, the network, mobile and cloud. If something happens on the network and it is something related to what is happening on mobile, you will want to know that these two attacks are related because that is a campaign attack. If you do not have intelligence between your technologies, it will also lack in security posture. This is what Infinity Architecture also provides.
Can you tell us more about fake apps, because it comes through WhatsApp in the emerging economy and if we do not do something about it, it can ravage the whole economy because almost everyone, even the government, is on WhatsApp?
Our researchers look for vulnerabilities in applications and we have got different teams of R&D that look at certain networks; some look at IPS, mobile devices, and they are searching for vulnerabilities in our end-products. Specifically with WhatsApp, we took the algorithms, reversed them, then we started to look at the security and the issues surrounding that and started manipulating that, and what we saw is the traffic between the application itself and the web version is transparent. So WhatsApp can even see their own data in-between, so that once we did the reversal of the algorithms and manipulated the security we were able to see the messages in between.
What this enables, and this is all just a vulnerability, we do not know if there have been attacks like these before. We have reported it to WhatsApp/Facebook to say that you have a vulnerability; we do not know what they are going to do about it, so it is our responsibility to let them know first before we go public. Then we went public and we said there is a vulnerability with this, it is not secure and they have to do something to secure that. Last year, we discovered the same thing with Facebook Messenger with respect to the application and the web version, and then manipulated it to get the actual messages. It is not encrypted, so we can see it. It is more of social re-engineering.
If you look at the intention of bad players, it could be a lot of things; it could be the campaign manager trying to manipulate messages going to a different campaign, putting things in people’s mouths, etc., which is also reputational damage.
There are different agendas for using these types of vulnerabilities. But the intent for us was to discover the vulnerability and report it so that WhatsApp can actually do something about it, because there is an issue with their data imaging.
Looking at the relevance of cyber security for business, can you share what solutions Checkpoint is proffering to SMEs?
We cater for all customers, irrespective of their size. Infinity Architecture is basically where you can actually have everything for a fraction of the price per user, so it is a consumption model. We can sell them solutions they require; if they require a point solution, we have got solutions for big enterprises up to SMEs. We also have the consumer division that actually provides consumer products. We offer a very wide range of solutions and the stack, security remains exactly the same because we believe you cannot go for less because then you will be exposed.
When a customer buys into Infinity Architecture it means that he is protected on all surfaces: the endpoint, desktop, network, mobile; if they have got Office 365 they have the same level of security. They can leverage all that security in one place with one license; they do not have to invest at the network and then endpoint. It is a consumption model.
Currently across the world, elections are upon us. How do governments across the world prevent a recurrence of Cambridge Analytica?
During election time, you need to secure infrastructure and the best way to do that is through a Zero-Day protection, because the attackers are not going to use known types of attacks to get that data; they are going to use social media, vulnerabilities to try and get inside. If there is a campaign running, two different parties running, one party is going to try and put words in the other party’s mouth; if it allows them to do that, they will try it, or if it is state owned, a different country trying to get someone else in power, that can also happen. So you have to secure all the way through, look at all your surfaces, make sure you have got the same security across all the surfaces that can actually give you some feedback on what is happening in your environment; that is the only way you can be secure.
You also need to look at automated remediation; you do not want to allow anything bad onto your network, not even for a second, because then it will be too late. That’s a Zero-Day function. If something is on the network already then you will have to mitigate, but you need something to tell you that something is wrong and what to do to mitigate as soon as possible.
So the two things to focus on are – make sure you have the same multilayered security architecture across the different surfaces, network, endpoint, mobile, cloud, and also get automated forensics to do the automated remediation for you.