Insights success the 10 best performing cyber security solution providers 4th dec 2017
December 2017
www.insightssuccess.com
The way of business solutions
The 10 Best Performing Cyber Security Solution Providers 2017
The Expert in Domain Data
Info Network: Data Center Security: Controlling Possible Threats
Threat O Cure: How to Minimize Cyber-Attacks On Your Organisation
Secure Vision: Traits to Possess the Best Enterprise Security
Editors’ Perspective: Educating Employees to Minimize the Risk of Cyber-Attacks
Maven’s Mentorship: IT and Communication Trends for Critical Infrastructure
Expert’s Insight: What GDPR forgets: The physical security
Executive Voice: Managing Corporate Communications on Mobile Devices
Nowadays, people are becoming more and more dependent on the world
of the web, where commercial activities, business transactions, and
government services all take place. This over-dependence on the
internet has led to a significant rise in new cyber threats and
information security issues, which cyber criminals are heavily
exploiting. As a relevant example, the recent “Petya” and “WannaCry”
cyber-attacks have made leaders across the world vulnerable and
forced them to think twice about their cyber-security infrastructure.
With Internet breaches touching millions of dollars, the accessibility
of these backdoors makes criminals look like geniuses, and the
security mavens like Keystone Kops. Unless authorities can effectively
police its entrances, cyberspace could go on to become a no-go zone.
The risk is so high that most recently even the FBI came under attack
from cyber criminals; the attack exposed as many as 20,000 agency
employees’ personal online records, and another 9,000 Department
of Homeland Security employees were also affected. Back in 2004,
the global cybersecurity market was worth $3.5 billion, and it was
expected to be worth more than $120 billion by the end of 2017. Hence,
within such a short span of time the cybersecurity market grew as
much as 35x.
Still, many organizations today are hesitant to announce increases
in their cyber security budgets after breaches they have already
suffered, mainly due to fears of reputational damage. Even so,
organizations such as J.P. Morgan Chase & Co. have stated that they
have doubled their annual budget for cyber security, and Bank of
America has announced that it has an unlimited cybersecurity
budget. Tech giants such as Microsoft Corp. have also announced that
they will continue to invest more than $1 billion annually in
cybersecurity and R&D.
Industry experts are predicting that cybercrime will continue to
rise even further, and will cost businesses more than $6 trillion
annually by 2021. While these threats certainly pose
a significant challenge to IT professionals across sectors, the
determination will only increase as technologies such as cognitive
computing, big data analytics, and the IoT further develop and
influence our increasingly connected world in unprecedented ways.
Enterprises can do their part by sharing threat data and investing in
solutions and infrastructures that are secure by design. As always,
users should exhibit good password hygiene and avoid opening
suspicious or unsolicited emails and attachments.
Cyber Security: Prevention is Always Better than Cure
Editorial
Kaustav Roy
CONTENTS
COVER STORY
Whois API Inc.: The Expert in Domain Data
Info Network: Controlling Possible Threats
Expert’s Insight: What GDPR forgets: The physical security
Maven’s Mentorship: IT and Communication Trends for Critical Infrastructure
Editor’s Perspective: Educating Employees to Minimize the Risk of Cyber-Attacks
Threat O Care: How to Minimize Cyber-Attacks on your Organization
Enterprise Concern: Traits to Possess the Best Enterprise Security
Executive Voice: Managing Corporate Communications on Mobile Devices
certgate GmbH: Protecting Users Since Inception
onShore Security: Protecting the Freedom of Information by Revolutionizing Cyber Defense and Governance
Seceon: Detecting and Stopping Threats that Matter
ShadowDragon: Solving the Challenges of Modern Investigations
Silent Circle: Securing Enterprise Communications in the Cyber-Espionage Era
Tackling the Woes of Cyber Security
Nowadays people are becoming more and more dependent on the Internet, where various commercial activities,
business transactions, and government services take place. However, with more such usage, the world has
seen a sharp rise in cybercrimes and information security issues. Unfortunately, the web has become a
valuable vehicle for criminals to anonymously prey on victims through cyber breaches and corporate espionage.
The dark web now provides platforms for nefarious business operations of all kinds, from identity theft, to
money laundering, to human trafficking. If that’s not all, Edward Snowden’s latest leaks have pointed out that
various intelligence agencies across the world were using Google, Yahoo, Microsoft, Facebook, Twitter, and
various other global services to keep an eye on their users. Snowden’s documents even revealed that
intelligence agencies hack their domestic and foreign companies to wiretap their users.
So, the dire need for competent cybersecurity solution providers has made us look for “The 10 Best
Performing Cyber Security Solution Providers 2017”. On our cover page we have Whois API, which is a big
data and API company that provides domain, whois, dns, ip, and threat intelligence data to a variety of industries.
Further, we have certgate GmbH, one of the leading German based security solution providers, focused on
mobile security products and solutions; onShore Security, which is on a mission to protect the freedom of
information by revolutionizing cyber defense and governance; Seceon, whose OTM provides a simple, fully
automated approach to detecting and stopping the threats that matter; ShadowDragon, which develops digital
tools that simplify the complexities of modern investigations that involve multiple online environments and
technologies; and Silent Circle, whose enterprise mobile privacy platform delivers flexible, modular, no-touch
deployment with zero maintenance, hardware or additional manpower required.
So, flip through the pages to learn more about cyber-crimes. Do not miss the articles ‘Traits to Possess the
Best Enterprise Security’, ‘Educating Employees to Minimize the Risk of Cyber-Attacks’, ‘Data Center
Security: Controlling Possible Threats’, and ‘How to Minimize Cyber-Attacks On Your Organization’. Also,
while flipping the pages please go through the CXO Standpoints: ‘What GDPR forgets: The physical security’ by
Gisle M. Eckhoff, CEO of DigiPlex; ‘Managing Corporate Communications on Mobile Devices’ by Andrew
Silver, Co-founder, Tango Networks; and ‘IT and Communication Trends for Critical Infrastructure’ by Bobbi
Harris, VP of Market Strategy & Development, Utilities Telecom Council.
Perpetrators who commit cybercrime possess abundant technical
knowledge in the domain. To make matters grimmer, they are
constantly evolving. Hence, as technology rapidly evolves, so does
the nature of crime. These crimes are relatively old and will exist
as long as computer-related accessories and the internet breathe
freely in society. It should come as no surprise that our unprepared
society, and the world at large, finds it difficult to combat these
booming crimes. To overcome these cybercrimes, law enforcement
agencies seek help from industry experts such as Whois API Inc.,
which provides its resources and data to identify all the connected
domains, websites and IP addresses associated with such fraudulent
activities and the criminals involved in them.
Whois API Inc. is a big data and API company that provides domain,
WHOIS, DNS, IP, and threat intelligence data to a wide variety of
industries. It serves customers ranging from large Fortune 500
companies to small companies, including cyber-security companies,
corporations with a cyber-security division, government agencies,
domain registries & registrars, brand agents, marketing data
warehouses, banks, financial institutions and many more.
The Tech-savvy CEO
Technology is rebranding our organizations & society, and one of the
pillars of technical development started back in 2002 when Jonathan
Zhang completed his degree at the University of California,
Berkeley. His extensive experience in the software industry helped
him lay the foundations of Whois API Inc. in 2010. Since then, he has
been shouldering the responsibilities that come with being the CEO
of an expanding company.
“I run Whois API Inc., a leading provider in Whois API Webservice
and Whois Data. I graduated from University of California, Berkeley
with a bachelor's degree in Applied Mathematics. I enjoy creating
products that can satisfy a meaningful market demand and companies
that have a viable business model,” asserts Jonathan.
Mr. Zhang completed his four-year bachelor's degree in Applied
Mathematics and started his career in the IT sector as a Software
Engineer. He devoted most of his time and skills to organizational
growth, and always played an important and valuable role in any
organization he worked for. With his resolute vision of providing
services against cyber-related problems, he made his mark as a
resourceful information provider to organizations and various
agencies related to law, auditors and enterprise businesses.
Tackling the Obstacles of Cybercrime
To tackle cybercrime now and in the future, the company is creating a
real-time whois database and ensuring that the most up-to-date and
accurate information is provided to its customers and clients. Whois
API focuses on providing key data points for domains: the registered
name, organization data, e-mail addresses, registration addresses,
registrar information, updated date, creation date, expiration date,
domain availability, and domain age. Cyber security researchers use
Whois API’s services to investigate and curb cybercrime. Cyber
security and anti-malware solution providers use Whois API data to
detect spam, malicious websites, intrusions, and other online
misbehavior. The company also provides data to its competitors, and
these strategies go a long way in serving its Fortune 500 customers
in the best possible way.
Long-term Relationship Bond
History has witnessed the growth story of Whois API, which attained
the 18th rank among the top IT services companies in the Inc. 500 in
2017 and recorded 1640% growth, cumulatively, in the last three
years. This growth was possible due to its development-oriented
technology results and its client retention strategies. It
continuously strives to analyze and meet the requirements of its huge
customer base by offering various planning options to meet their
specific business needs. The company has been particularly active in
engineering tools that gather domain Whois records, domain
availability, reverse Whois, brand alert, registrant alert, bulk
Whois, DNS lookup, and email verification. These steps help it serve
clients for a longer period of time and build a stronger bond with
them.
The Future in Cyber Security Sector
The cyber-security service sector will continue its phenomenal growth
in the next 5-10 years and beyond. Right now, there are hundreds or
even thousands of cyber-security companies. However, down the line, a
consolidation will occur where only the big players will remain in
the market. Looking to the future, the company has also been
collaborating with numerous cybercrime units and government agencies
in identifying malicious websites, domains and IP addresses
associated with fraudulent practices, credit card fraud, geographical
locations of possible offenders, as well as fraud, hacking, and other
illicit online activities. To cope with these situations, the company
is collecting data that is unified, consistent, well parsed, and
accurate, and providing it through real-time APIs, database
downloads, and online tools. Thus, as long as it holds the data
advantage, it will continue to hold a solid footprint in the market.
Continuing its Expansion Down the Road
Dedicated efforts are being deployed in data development for the
company's customer base, which includes cybercrime units, government
agencies, registrars, domain resellers, marketing researchers and
others. It continuously strives to understand and meet the demands of
its huge customer base by offering various planning options to meet
their specific business needs. The company is striving to be at its
best in monitoring and researching domains. Its unique and innovative
tools will allow its customers to monitor, research, uncover and
protect everything related to a domain name and cyber-security.
Hence, by providing excellent support and taking careful feedback on
clients’ needs, Whois API will be able to provide the best customized
solutions to its clients in the near future.
Securing Devices
According to Whois API, a few simple steps need to be followed to
keep a mobile device safe. Keeping the operating system and apps
updated is super simple and usually automatic. These updates are
often made by the vendors to block vulnerabilities that have been
found. Mobile devices also come with built-in security features that
should be utilized. Reviewing app permissions is a huge step in
keeping a device secure, as hackers will often try to sneak in
unneeded permissions when an app installs. The device should be
locked with a passcode, password, fingerprint or some other sort of
access code to allow access only to the authorized user. Users should
always avoid connecting devices to unsecured Wi-Fi networks, as using
an unsecured network opens up devices to others who are using the
same network.
On the subject of threats, the organization believes internal threats
are much more successful because of insiders' access to the data. An
insider is likely to have sensitive material or data available on a
daily basis without question. An attack from the inside is also more
difficult to detect, because it’s not always flagged as a security
breach and goes unnoticed. Attacks from the outside usually require
intense hacking and firewall breaching, while insiders already have
access to the threatened data. Another internal threat is simply the
accidental release or leaking of sensitive information, with no
malicious intent.
Establishing an Organization-Wide
Awareness Campaign
Whois API believes employee awareness training is extremely important
in order to keep an organization safe and secure from outside
attacks. According to research, 61 percent of organizations are often
exposed to malware or viruses due to employee ignorance. Most
employees are likely to open an email from someone they don't know
because of the nature of their jobs, or because they often open
emails from people they don't know for business purposes, and are
therefore easier to trick into clicking a bad link or opening a
damaging attachment.
Various studies have shown that traditional training techniques won’t
have a lasting effect on employee awareness. It’s something that
continually needs to be reinforced and kept at the forefront of their
minds. The behavior needs to be taught over a long period of time; it
isn’t just a one-and-done kind of thing. Employee awareness should
start during the onboarding process for all new employees, and
continue throughout their career with the company. Regular testing to
reinforce the proper reaction to suspicious emails may be necessary.
The organization also added that there’s no need to over-educate
employees with too much information about threats. Companies should
teach them exactly what they need to know and what they need to be
watchful for, which is enough. Additionally, rewarding employees who
effectively find malicious emails or similar is a great technique to
reinforce the instinct to be watchful.
“This is just the start of a long and fruitful journey. With our
comprehensive Whois products and services, government
agencies & cyber security solution providers can trust the data
provided by WhoisXmlApi for threat prevention & investigation!”
Insights Success Media Tech LLC
555 Metro Place North, Suite 100,
Dublin, OH 43017, United States
Phone - (614)-602-1754,(302)-319-9947
Email: info@insightssuccess.com
For Subscription : www.insightssuccess.com
CORPORATE OFFICE
Company Name: Atende Software (www.atendesoftware.pl)
Management: Paweł Pisarczyk, President
Brief: Atende Software develops software and uses it to create products and services. We build our Capital Group, which focuses on developing innovative technology.

Company Name: Aurionpro Solutions (www.aurionpro.com)
Management: Samir Shah, CEO
Brief: Aurionpro is a leading technology products and solutions provider that helps enterprises to accelerate digital innovation, securely and efficiently.

Company Name: onShore Security (www.onshore.com)
Management: Stelios Valavanis, Founder & CEO
Brief: Founded in 1991, onShore Security is a leading provider of managed cyber-security services.

Company Name: CDNetworks (www.cdnetworks.com)
Management: Andrew Koo, President & CEO
Brief: CDNetworks' content delivery network supports its customers' success by making their websites and applications secure, reliable, scalable, compliant with local regulations and high-performing.

Company Name: DERMALOG Identification Systems GmbH (www.dermalog.com)
Management: Gunther Mull, CEO
Brief: As a pioneer in the development of biometric products and solutions, DERMALOG has been shaping the world of security for more than 20 years.

Company Name: Certgate GmbH (www.certgate.com)
Management: Jan C. Wendenburg, CEO
Brief: certgate is one of the leading German based security solution providers, focused on mobile security products and solutions.

Company Name: Seceon (www.seceon.com)
Management: Chandra Pandey, Founder & CEO
Brief: Seceon OTM provides a simple, fully automated approach to detecting and stopping the threats that matter.

Company Name: ShadowDragon (www.shadowdragon.io)
Management: Daniel Clemens, Founder & CEO
Brief: ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Company Name: Silent Circle (www.silentcircle.com)
Management: Gregg Smith, CEO
Brief: Silent Circle Enterprise mobile privacy platform delivers flexible, modular, no-touch deployment with zero maintenance, hardware or additional manpower required.

Company Name: Whois API (www.whoisxmlapi.com)
Management: Jonathan Zhang, CEO
Brief: Whois API Inc. is a big data and API company that provides domain, whois, dns, ip, and threat intelligence data to a variety of industries.
WHAT GDPR FORGETS: PHYSICAL SECURITY
The EU’s GDPR legislation will have consequences for every company
doing business in Europe, including American companies. The new
directive promises sizeable fines to anyone that does not take
personal data seriously. Meanwhile, the data center company DigiPlex
urges companies to focus on another important aspect: physical
security.
The General Data Protection Regulation’s (GDPR) purpose is to
harmonize legislation related to personal information across the EU’s
member states. It does, however, also create radical challenges for
American businesses holding information on EU customers. Come May
2018, when the legislation enters into force, companies will have to
publicly disclose how the data is used, in addition to offering
transparency for individuals seeking access to their data. The GDPR
includes a sanction mechanism, and the fines for non-compliance can
reach 4 percent of a company’s annual revenue.
-Business will obviously change for everyone not taking
personal information seriously. This will clearly raise
awareness regarding how the data is secured, but it’s also
vital not to forget where the information is located, says
DigiPlex CEO, Gisle M. Eckhoff.
Moving data to safety
American computer security company, McAfee, published a
study of over 800 company leaders from different sectors.
The report reveals that 50 percent of the respondents state
that they would like to move their data to a more secure
location. A motivating factor is the new EU legislation. The
report also reveals that 74 percent of the business leaders
specified that they thought protecting the data correctly
would attract new customers.
-Data security is not just about protecting yourself against
hacking and other digital threats. The overall security
critically depends on where your data is stored. Companies
who actively select a secure data centre to host their data
will gain a competitive advantage in the market as the
management of personal information is in the spotlight,
says Eckhoff.
Physical security is forgotten
While EU-based companies are in the process of adapting
to the GDPR, Gartner predicted only 50 percent of
American firms will be ready for the strict regulation by the
end of 2018. It’s primarily the largest companies and public
enterprises that are furthest along in the process of
adaptation. According to Eckhoff, they are usually the ones
that are the most concerned with data security and where it
is stored. Fire and operational safety are two obvious
challenges, but physical security also includes securing
yourself against theft.
-Several smaller businesses and organizations keep their
data servers at their offices, and the physical security in
many of the smaller data centers is almost absent. If your
data is stored in such a data center, where someone easily
could break in and physically remove the hardware
containing your information, then you are very vulnerable –
both operationally and in relation to GDPR.
At DigiPlex’s data centers, several layers of security ensure
the safety of the data and the personal information that is
stored there. Physical security is one of the most
complicated and expensive features when building or
updating a data center. That is why newly established data
centers have to reach critical mass, allowing them to store
enough data to compensate for the large security
investment.
About The Author
Gisle M. Eckhoff joined DigiPlex in August 2014 as Chief Executive Officer. He brings
nearly thirty years’ experience in senior positions in the IT industry in the US, Sweden, UK
and Denmark as well as at home in Norway.
Gisle is the former Senior Vice President and Managing Director of CGI’s operation in
Norway, and has also held a number of senior management roles at both country and
regional levels in CSC Computer Sciences Corporation. The experience and
knowledge gained from heading up the Financial Services vertical in the Nordic
region, before becoming Vice President and Managing Director of CSC in both
Norway and Sweden, is of great value when implementing DigiPlex’s growth strategy in
the Nordic markets.
Gisle holds a Degree in Business Administration from the Norwegian School of
Management.
Adapting to GDPR
One consideration to take, as we are getting closer to the
implementation date of GDPR, is where your data center
should be located. Several US based companies are already
relocating their centers to the EU in order to comply.
Multiple database providers are helping non-EU companies
organize and segregate EU data from other personal
information. The data center industry is well established in
Europe, and some of the most cost and climate efficient
centers are located in the Nordic countries.
In the Nordics, the cool climate helps chill down vast
amounts of hardware that otherwise would have been
cooled down solely by electricity. Additionally, the
electricity that is required by data centers to run their
operations is supplied through easy access to affordable
renewable energy.
-In recent years, we have seen political turbulence in larger
parts of the world, Europe included. The stable political
environment in the Nordic countries is also a climate to
consider, as the establishment of data centers is a long-term
investment, says Eckhoff.
DATA CENTER SECURITY: Controlling Possible Threats
The rise in cyber-crime is one of the main causes of data center
outages. According to a recent survey conducted by industry insiders,
cyber-crime caused 22 percent of data center outages in 2015, as
opposed to 2 percent of outages in 2010. On top of this, most data
centers are now re-evaluating their security policies after the
recent WannaCry ransomware attack.
Data center outages cause companies to lose revenue in many ways.
However, the costliest losses are service interruption and loss of IT
productivity. So, organizations are now realizing that traditional
security is no longer enough to secure a data center. A recent study
has found that 83 percent of traffic travels east/west within the
data center, where it stays undetected by perimeter security. In this
environment, when attackers infiltrate the perimeter firewall, they
can jump across the system with ease, extract information and
compromise valuable data. Additionally, data centers can fail due to
trespassers, a terrorist attack or natural calamities.
So, how can one secure a data center in the best way possible from
any kind of cyber threat? Don’t worry, we’ve got you covered with the
points below.
As the first step, one should Map the Data Center and flag the
hackers within the virtual and physical infrastructure. CSOs and CIOs
with a map of their systems can react to any suspicious activity and
take steps to stop data breaches. Being able to visualize different
traffic patterns within a network helps to understand threats, which
eventually elevates the level of security.
Understanding and measurement of traffic flow within the data center
boundary are very important. Any interruption in traffic across
east/west vs north/south, or protected vs unprotected, can reveal a
threat. Additionally, vulnerable zones and unprotected traffic need
to be monitored for a better result.
Firewall rules need to be defined and implemented as per
requirements. Additionally, one should allow traffic only after
thorough verification and selectively allow communication to ensure
maximum protection. The key is to identify what’s legal and secured
and what can be blocked to enhance security.
One needs to Build a Team with executives who understand how traffic
flows within the premises and can access & secure information, take
necessary measures to secure important assets, and put roadblocks in
place for the attackers.
Security must move as fast as a data center’s technology adoption and
integration. Security Strategy Should Change Alongside the Technology
and it should not be treated as an add-on option. Additionally,
businesses should also ensure that their virus protection, signatures
and other protection features are up to date for better protection.
Businesses should Identify and Place Controls over high-value assets,
which will help to reduce risk. While older security solutions are
completely blind to new threats, new security companies have produced
the latest solutions that protect data in the virtual world.
Access Restriction also needs to be imposed. Every business should thoroughly check a person’s background before giving
them access to a prized possession. Access to the main site and the loading bay must be limited. Additionally, two-factor
authentication and fortified interiors with security guards and roving patrols would help to safeguard the employees and the
data center.
Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function,
helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a
great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other
than for administrative purposes, for better security.
A data center should Check and Test Back-Up Systems regularly as prescribed by the manufacturer. It should also make a
list of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked
thoroughly.
Data centers are always a Soft Target for Terrorists, as an attack on them can disrupt and damage major business and
communication infrastructure. So, security needs to be taken seriously, and proactive steps should be taken to limit
the impact of a terrorist attack.
Trained Security Guards need to be posted inside a data center, and they should be well trained. Security officers must
undergo strict site-specific training to monitor surveillance footage. Depending on the size of the data center and the number of
security cameras, multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance
footage help when it comes to securing a data center.
Disaster Recovery is very important and must be in place. If the data center stops functioning after an attack or
natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the
disaster recovery plan, it’s necessary to train staff well and have them experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive
visibility. The more work a data center can do up front in the above-mentioned areas, the better the chances of success with
fewer outages.
Jan C. Wendenburg
CEO
With the growing usage of smartphones and the internet, privacy has
become a thing of the past. Nowadays, most mobile service providers
and internet service providers store all the critical data of a user
for at least six months and up to two years, and they can keep it
forever. Analyzing this data maps society’s behavior patterns and
creates a blueprint of social communications. It is possible to
detect communication hubs, define who is more important and switch
off communication leaders. It questions the very basic terms of
freedom and privacy.
However, that’s not all Edward Snowden’s latest leaks were about;
they even pointed out that the US intelligence agencies were using
Google, Yahoo, Microsoft, Facebook, Twitter and other popular global
services to keep an eye on the users. Snowden’s documents even
revealed that the intelligence agencies hack their domestic and
foreign companies in order to wiretap their users. In addition to the
government agencies, there are also a few private organizations that
specialize in extremely sophisticated surveillance techniques. They
collect and analyze data about their target from different sources,
i.e., mobile phones, social media, personal computers, communication
contacts of their contacts, web cameras, mobile cameras, and so on.
certgate GmbH: Protecting Users Since Inception
“We protect your mobile communication. Whether text, voice or email,
with our easy-to-use apps and services you are well equipped for
global competition”
To keep users safe from various kinds
of privacy and security breaches,
Germany-based security solution
provider certgate GmbH came into
the fray. The organization is
completely focused on mobile security
products and solutions, with offices in
Nuremberg (near Munich), Hannover
and Dusseldorf. certgate is owned by
the largest private equity company in
Germany and the management.
The company’s offering is twofold, and
the two parts work hand in hand. First, certgate
apps secure corporate mobile
communication with regard to
End2End encrypted voice, chat and
email. Its solutions protect data at
flexible security levels, from software-based
to hardware-protected two-factor
authentication and encryption.
Secondly, certgate’s wireless smart
cards enable organizations to expand
proven desktop security into mobile
platforms. The company’s solutions
integrate with global mobile device
management solutions and improve
protection for enterprise mobile data
on travel and on rest.
A Veteran Leader
Jan C. Wendenburg is the CEO of
certgate GmbH. At certgate, Jan is
currently advancing the further
development of the “Mobile IT
Security solution provider,” with
patented and new concepts and
technologies for improving mobile
security for companies and authorities.
Throughout his career Jan has worked
in the IT industry. While serving at
IBM, he was responsible for
worldwide customers, Germany’s
largest systems integrator, in multiple
locations and for hundreds of millions
of sales. Jan then moved on as
managing director to an international
IT company. Afterwards, he led the
transformation of the company into an
international venture capital fund with
offices in Berlin, Hong Kong and Los
Angeles.
During this time, he founded
AuthentiDate International AG in
Dusseldorf, which was the first
German accredited certification service
for time stamps and a leading IT security
specialist. In 2005, AuthentiDate was
awarded the highest prize for IT
security pioneering work in Germany.
In 2011, he sold the
organization to exceet Group S.E. and
supported them in their successful IPO
on the Frankfurt Stock Exchange.
Standing out Amongst the Crowd
and Maintaining Long-term
Relations with Clients
certgate has been a long-term IT
security innovator. Its patented and
unique mobile security products and
solutions provide maximum security at
minimum user impact. In general,
software-based mobile security
solutions rely on the safety of the
underlying operating system. If
one encrypts confidential data and
stores the key on a vulnerable device
or operating system, all the data
is at massive risk. certgate
comes to the rescue by letting its
clients store their valuable keys
wirelessly on globally certified secure
elements. The company truly protects
its clients’ mobile data, mails, chat and
voice communication. This works
mostly independently of the security of
the operating system, i.e. Apple/iOS,
Android, Windows, macOS or Linux.
According to certgate GmbH, IT
security is a matter of trust and the core
foundation of all its client and partner
relationships. The organization
includes all its clients and partners in
the product roadmap discussions
to receive feedback on current products
and future concepts.
When Success is Based on a
Restless, Paranoid Approach
certgate’s success is completely based
on a restless, paranoid approach in
order to combine maximum security
with minimum user impact. The
company is now working intensively
with its partners and clients, no matter
the platform, geography, or language.
certgate believes that within IT
security, there are a few major trends,
which are important to watch:
• Everyone and everything goes
mobile.
• Users request simple user interfaces.
• Consumerization is key.
• IT security should have no user
impact.
• IT attacks will increase dramatically.
• Artificial intelligence automation will
put almost any software based
security concept at high risk.
However, certgate is very well
prepared to drive, follow and comply
with these trends. While the first trends
are short to medium term, the last one,
“artificial intelligence” (AI), will have
the biggest impact. AI will be the most
dangerous one, in that
hackers will use AI to find
vulnerabilities and completely new
ways to invade infrastructures and
gather user keys and credentials.
certgate’s solutions combine high
security with consumerization and
include the option to use proven,
certified secure elements. They are
perfectly protected against new
weapons and attacks, which might
arise in the future.
Educating Employees to Minimize
the Risk of Cyber-Attacks
In 480 B.C., in the Battle of Thermopylae, merely three hundred Spartans held off a huge Persian army.
However, in reality the Spartans were not alone in the battle; alongside them fought Athenians, Thebans and other
Greek forces. Until the last day the Greeks had a force of around seven to eight thousand soldiers on the battleground.
The key differentiator in the battle was that the Spartans were already professional soldiers, whereas the other Greeks were not
professional soldiers and fought in the army only when called upon.
Cut to modern days: the world is now completely dependent on the internet, and it faces a massive threat from a modern-day
nuisance called cyber attacks. The worst part is that, sadly, the users are not Spartan warriors; instead, most of them
are working professionals or casual users. These professionals are not security geeks, and most of them don’t understand
what cyber security is. We can’t blame them for that either, as their jobs aren't focused on information and
cybersecurity.
So, in order to be safe in the bad world of cyber attacks and breaches, one cannot just
develop a single cyber security program and claim that the staff is well trained to
tackle security breaches. In the real world, not everyone is a Spartan warrior,
so one needs to educate employees and start awareness programs that
will eventually help users stay safe from security
breaches.
Already confused? Don’t be; we are here with a few steps that can help to ensure safety in the risky cyber world.
An organization might interact with several vendors for various purposes. So, the first step towards safety
is to determine which members would have the highest impact on the organization in case of a breach. Additionally, it is also
important to consider what type of data the vendor is handling, which can be anything from cardholder data to protected
health information.
One always needs to reinforce messages through policy, internal videos, staff meetings and other sources that work in
the environment. In order to create an awareness program, one must understand that awareness is a process and it always
takes time. Lastly, one must set the expectation that the elements of the awareness program will be updated and repeated
on a regular basis.
Another blunder most internet users commit is using the same password for multiple services. Reused passwords always
leave the user's entire digital life at stake and vulnerable to breaches: if a hacker gets hold of a single
password, he can access all the accounts of the user.
Nowadays hand-held devices like cell phones and tablets have become a necessity, and many employees use them for
official purposes. However, the user should always be extra careful while installing new apps on the phone or tablet, as this
is one of the easiest ways in which malicious apps can gain access to the personal information of a user. An app can
always ask for a long list of permissions in order to function, but it's important to be aware of what types of information the
app is accessing for better safety.
Always be aware of phishing scams. In phishing scams, cyber criminals design a website or email ID to
steal sensitive data. Most of the time the attacker installs malicious software onto the user's PC. The worst part is that one can
barely differentiate these websites or emails from the genuine ones. Still, phishing scams are quite easy to spot, provided
one knows what to look out for.
Companies must also tell their employees to avoid logging into any of their important accounts from public computers
or public networks. A public PC or network is open to all users, which eventually leaves many security holes
in it. However, sometimes people might not have access to a private PC or network, so in that case the
user must delete the browser history once done and only log into a network after making sure that it is
completely safe.
Applying necessary software updates is critical nowadays. Tech giants like Microsoft, Google,
Apple, etc. release bug fixes and security patches in their recent updates. These fixes mostly help users to
stay secure in the risky world of the web.
Above all these key points, one must remember to train employees in such a manner that it
eventually increases the staff's ability to make much more secure decisions, and to make them consciously.
Employers must remember that they are not creating cyber security experts; for that role the company
already has specialized geeks. They only need employees who are good and have enough
presence of mind to help protect the organization. So, here are a few points from
us that can eventually help you to minimize the risks of cyber-attacks, which can wreak havoc in
your organization.
Editors’ Perspective
onShore Security: We
want
to bring
the full
freedom
of the
Internet
to all
Stelios Valavanis
Founder and CEO
With a dedicated mission to protect the freedom of
information by revolutionizing cyber defense and
governance, onShore Security came into existence in
1991. Initially established as network consultants and software
developers, onShore launched managed cyber-security in 1998
with a purpose to provide freedom via security. Being the leading
provider of managed cyber-security, the company believes that
cyber-security requires a well-developed process with a 24x7
analysis of network and application data throughout an
enterprise to inform policy; onShore calls it Panoptic
Cyberdefense.
The core of what onShore Security does is its Panoptic
Cyberdefense Security Operations Center. The company
collects data throughout the network and hosts, which it
analyzes on an ongoing basis. This is done to look for threats,
anomalies, and compliance to inform policy and evaluate
security posture. onShore also provides Cyber-security
Leadership services such as virtual CISO and CISO mentoring.
Path Breaking Services
Most of its competitors in the cyber security space use off-the-shelf
solutions. onShore uses what it likes off the shelf,
but most of it runs on its own platform, with integrations
and customizations geared towards empowering analysts rather
than simply automating. As a result, the client receives high
visibility and a rich understanding of their security posture.
The company offers four services related to security. They are as
follows:
Protecting the Freedom
of Information by
Revolutionizing Cyber
Defense and
Governance
• Panoptic Cyberdefense SOC
It is a cyber-security professional
service involving high-level
consulting, monitoring, data collection,
analysis, security management, and
reporting. onShore typically serves
regulated industries and enterprises
with complex networks with its
24-hour cyber-security response feature.
It integrates its solution with its clients’
IT organization, thereby increasing
security visibility, providing reporting
for management and regulators, and
informing policy.
With cyber-attacks now often
becoming multi-vector, multi-
exploitive, and 55% of them beginning
with social engineering, onShore is
using a holistic approach to tackle the
same. In this post-Sony era, every
single network is vulnerable both from
inside and out. During onShore’s two-
month onboarding process, it heavily
tunes its sensors to establish a baseline
of its clients’ network with hundreds of
parameters matched against
characteristics of client policies, risk
appetite, and regulatory compliance.
• Cyber-security Leadership
It is a cyber-security professional
service provided by onShore Security
involving CISO responsibility,
augmentation, and direction. onShore
CISO leadership serves clients and
satisfies regulatory requirements at a
fraction of the cost. The core function
of the CISO is to report on a company’s
cyber-security program, at least
annually, to the Board of Directors,
including the effectiveness of the
program or any material events that
were addressed during the time period.
• Cyber-security Assay
This is a cyber-security professional
service involving a suite of tests and
assessments to determine cyber-security
posture.
• Cyber-security Insurance
Cyber-security Insurance is Cyber
Liability Insurance Coverage
underwritten by Lloyd’s of London.
onShore Security has engaged with the
best in the cyber liability insurance market
to provide a comprehensive Breach
Response.
The Farsighted Leader
An investor in several early stage
companies, Stelios Valavanis is the
Founder and CEO of onShore
Security. Graduating from the
University of Chicago in 1988 with a
Bachelor’s degree in Physics, Stelios
held various technical positions back
there. Currently, he serves on the board
of ACLU of Illinois and advisory
boards and committees for several
other organizations and companies.
Stelios’s business and technical prowess
revolves around network and security,
designing internet security for trading
firms in the 90s and building a
managed security company with an
emphasis on banking. He is a big
advocate of open source software and
its contribution to the internet security
industry.
onShore and its Satisfied Clients
“We are always improving our offering
and providing additional value. We
also customize data collection and
reporting for our clients making it
easier for them to present to their
board of directors,” exclaims Stelios.
It truly infuriates onShore Security to
see cybercrime creating a sense of fear
and slowing down the innovative force
that is the Internet. The company
envisions bringing full freedom of the
Internet to everyone. It is via security
that this vision can be fulfilled, hence
the company’s tagline,
“Because Security Gives Us Freedom.”
Picture of the Future
onShore Security deeply believes that
security is a process, not a
product. Slowly, many more
enterprises will begin to outsource
their security operation center, once
they realize that security is more than a
technical process; it is a business
process. As enterprises recognize the
need to answer outside of IT, onShore
stands ready with all its available
technical tools and the right
governance, which it garnered in the
banking space.
Moving forward, onShore is looking to
utilize small and cheap sensors to
capture more and more distributed data
for mass correlation with core and
edge network data, and to give much
more powerful tools to its engineers,
like heuristic threat detection.
Chandra Pandey
Founder & CEO
Cyber security has now become one of the most discussed
things in the digital universe. Despite investing vast
amounts of resources on cyber security solutions, data
breaches are increasing every day, and the traditional methods to
solve these breaches are flawed, requiring people to use a variety
of complex tools to identify and stop threats. The problem with
this approach is that 95% of attacks exfiltrate or corrupt data
within just a few hours of a breach, which gives hardly enough
time for experts to react. An advanced cyber-security threat
management startup, Seceon, recognized this flaw and developed
an innovative disruptive solution by establishing an approach that
deploys analysis of all traffic, logs, flows, identity data and
processes in and out of the network and correlates them near-
simultaneously with behavioral analytics. The company
recognizes threats, zero-day exploits and policies to surface
threats and propose responses in near record real-time. Moreover,
the security measures can be deployed within a few short hours
in any size organization with little to no cybersecurity expertise
required of enterprise or service provider staff.
Seceon:
Detecting and
Stopping Threats
that Matter
Seceon is a leading
solution when it
comes to cybersecurity,
and we continue to
prove this to our clients
by allowing them to feel
secure and by enabling
them to focus their
attention on successfully
running their respective
businesses
A Proven Undisputed Business Leader
Chandra Pandey is the Founder and CEO of Seceon. He is an
expert in data center architecture and highly scalable network
solutions, and a proven business leader with experience of more
than twenty years in developing and marketing innovative
technology solutions. Before founding Seceon, Chandra served
BTI Systems as a General Manager and Vice President of
Platform Solutions for a brief period. He led a global team
through the creation, development and launch of the Intelligent
Secure Cloud Connect platform to more than 20 Web 2.0-focused
customer deployments in less than 18 months. Additionally,
Chandra has held senior leadership roles at companies like Juniper
Networks, Internet Photonics (Ciena), Lucent and 3Com (HP).
While serving Juniper, he led the
worldwide Solutions Architecture &
Engineering teams and was also
responsible for delivering integrated
security solutions for Juniper’s
enterprise, service provider, managed
service organization and major OEM
partners, driving billions of dollars in
revenue for the company. Chandra is
an inspirational leader, who is always
empowering his team to take on the
continually evolving cybersecurity
challenges that businesses face
nowadays and in the process created a
new market category. As the CEO of
Seceon, Chandra works closely with
customers to define and address the
problems, implications, and solutions
of defending corporate assets in today's
highly-connected enterprise.
A Different Cyber Security Solution
Provider
When it comes to tackling competition,
Seceon’s strategy is to differentiate
itself from others. Seceon’s Open
Threat Management (OTM) platform
provides the industry’s first and only
fully-automated threat detection and
remediation software platform. The
platform helps customers detect threats
as they happen and enables them to
take immediate automated action on all
those threats. Seceon’s unique
platform is also capable of handling
millions of inputs from logs and flows
and correlates all those together into
actionable alerts that can be put into
action automatically or manually.
Thanks to its ability to scale at speed,
the platform can process data in real
time, ingesting and running threat
models through DRAM, and updating and
activating these models within minutes
through advanced correlation with
intelligent application of machine
learning, and can therefore “see” how
systems talk to each other. This
capability allows the system to look for
anomalies and correlate them to get a
full view while minimizing false
positives, and then to trigger easy-to-understand
alerts with associated
appropriate actions for elimination and
remediation.
On the other hand, Seceon’s
competitors take a linear approach to
ingesting and analyzing data. Seceon’s
in-memory, fast analytics processing
enables a more global approach;
ingesting and analyzing data in real-
time while correlating with information
about existing threats or zero-day
exploits to deliver prioritized threat
alerts to IT analysts on staff or with an
MSSP. According to the organization,
there's no other company in the market
that can automatically provide threat
alerts and immediate, automated
remediation without any human
intervention, thereby dramatically
speeding up the time it takes to identify
and stop an attack and prevent data
loss with financial implications.
Empowering Enterprises to Detect
and Stop Cyber Attacks
The company’s main mission and
vision is empowering all its clients to
detect and stop all existing and new
cyber threats. Seceon wants all of its
clients, regardless of their size or depth
of technical talent, to have access to its
technology in order to protect critical
data from loss or damage. Seceon’s
mission is as focused on creating and
continuing long-term relationships
with its clients as it is about
empowering and protecting them.
Each quarter the organization launches
a major release with improvements to
the organization’s platform in order to
meet growing needs of clients.
When the Culture and Leadership
Team are the Two Biggest Factors
One of the biggest factors that can be
attributed to Seceon’s success is the
culture of the company. Seceon’s
culture is one of passion for work and
constantly striving to improve. This
culture is embodied by its team of
employees, and allows them to be
motivated and make a difference.
Another factor in Seceon’s success is
the strength of its leadership team
members, who have decades of diverse
experience. The massive experience
allows Seceon to move in the right
direction and to be prepared for the
future. The organization’s leadership
coupled with its mission of
empowering customers, drives Seceon
to be successful.
Lastly, the organization attributes all its
success to its approach in the industry.
Seceon’s approach and platform is
completely different and unique from
anything else in the market, which will
eventually allow the company to
separate itself from the rest.
Preparing for the Future
Seceon believes that cybersecurity is
one of the most prominent issues and
concerns for organizations of all sizes,
and for their customers as well.
Businesses are challenged to address
this issue by finding automated,
affordable, fast and effective
enterprise-class cybersecurity solutions
that don’t require extensive and
resource intensive human intervention
to analyze, detect, respond to,
remediate and report threats before
they cause extensive damage and loss.
However, the good news is that Seceon is
well-equipped to address these issues
and empowers enterprises of any size
to have a comprehensive cybersecurity
solution for the digital era. With 12
patents pending, the platform
automates data collection, analysis, and
correlation with behaviors and threat
models using machine learning for
real-time detection and remediation.
Finally, it provides companies with a
proverbial virtual security analyst,
regardless of environment or
technology experience. The Seceon OTM
Platform can see and stop all threats
proactively without any human
intervention.
ShadowDragon:
Our tools were
developed to
simplify the
complexities of
modern online
investigations,
making it easier
for in-house
teams to
generate highly
relevant,
operationalized
and actionable
intelligence
Daniel Clemens
Founder and CEO
Today, the internet is ubiquitous. It has revolutionized
businesses and communications. It has also revolutionized
crime. Unfortunately, the web has become a valuable
vehicle for criminals to anonymously prey on victims through
cyber breaches and corporate espionage. The dark web now
provides platforms for nefarious business operations of all kinds,
from identity theft to money laundering to human trafficking.
Cybercrime has been around for decades, but in 2010 there was a
sharp rise in different attacks leveraging the Internet. It was
around that time that Daniel Clemens began to get requests for his
security consulting company -- Packet Ninjas -- to investigate
malicious online activity. This was before the term “Threat
Intelligence” was coined. There were no tools available to easily
do this type of research. It all had to be done manually.
To help his clients, Daniel and his team created a tool -- a
rudimentary version of today’s SocialNet -- to map social
media aliases and identities associated with malicious cyber
activities. As new research demands arose over the next few
years, he created other tools -- OIMonitor, Spotter and
AliasDB. In 2014, with the addition of MalNet, he had created
five tools to investigate criminal activity online or online
communications.
The next year, Daniel founded ShadowDragon to license these
five solutions to customers. The goal -- empower in-house
teams with tools that enable the easy and safe collection,
correlation and verification of diverse artifacts on the open,
deep and dark web. Today, ShadowDragon solutions are used
globally by U.S.-based and international law enforcement,
government, military and intelligence organizations, and
Fortune 50 companies.
Solving the Challenges
of Modern
Investigations
Digital Tools Designed by Investigators, For Investigators
The grassroots origin of ShadowDragon solutions set a course for
them to become a suite of tools that uniquely support the needs of
modern investigators. They are fairly simple to use for the
non-technical. And, they are geared toward
helping in-house teams understand
their cyber situational awareness by
determining if they are a target, the
identity of their adversaries and the
adversary’s tools, tactics and history.
• OIMonitor – Performs live searches
on open, deep and dark web, and the
darknet. Investigators choose data
sources and define alerts to automate
intelligence gathering, and eliminate
the need to manually identify trends
and correlate threats.
• SocialNet – Performs live searches
and visualizes social media
connections to uncover identities,
correlations, networks of associates
and available geographical
information in just minutes.
SocialNet can be invaluable for both
cyber or physical criminal
investigations and social media
forensics.
• MalNet - Enables users to query,
correlate and visualize Proofpoint
ET in near real-time for malware
investigations and incident response.
MalNet helps identify and visualize
malware connections and
infrastructures in just seconds to
expedite investigations, response,
and malware protection.
• AliasDB - Historical database of
70,000 confirmed threat actors, 8,000
aliases and correlation of known
associates that can be accessed
through a customized interface that
can be used for research and
documentation. The AliasDB
interface enables editing of profiles
for customized updates.
• Spotter - Helps investigators gather
key intelligence to move an
investigation forward. Spotter works
by allowing users to engage
incognito with a target via a website
redirect that tracks the technical
aspects of the interaction.
How a Cyber Security Expert
Became a Leader
Daniel Clemens is the Founder and
CEO of ShadowDragon. Daniel is a
cyber security expert, entrepreneur, and
business leader who has dedicated his
career to solving complex cyber crimes.
To date, he has assisted
governments and businesses in the U.S.,
Latin America, Asia, and the Middle
East in solving complex cyber crimes
ranging from money laundering to
corporate espionage to large scale
cyber security breaches.
Daniel possesses extensive hands-on
experience in both offensive and
defensive security tactics as well as a
deep understanding of worldwide
threats. He has also provided security
briefings to the FBI, the Department of
Homeland Security, the Department of
Defense, former presidential candidates
and members of Congress.
During his career Daniel has aided in
the identification and apprehension of
hackers, terrorists, human traffickers,
and members of organized crime.
Never losing his passion for research,
he also founded two companies –
Packet Ninjas, a cyber security
consulting company, and
ShadowDragon.
Tackling the Competition
“Marketing strategy can be made into
a multi-dimensional and complex
topic, but when you strip all those
complexities away it’s very simple.
Deliver what your clients need, do it
with excellence, and do it better than
the competition,” added Daniel
Clemens.
In order to accomplish this,
ShadowDragon always listens
carefully to its customers and makes
sure to address client needs. Daniel
believes that “perfection can be a
roadblock to progress”, so his team
focuses on pursuing excellence,
instead, by imbuing his team with the
confidence that they can solve any hard
problem if they do their best.
By focusing on these two things –
customer needs and delivering with
excellence – ShadowDragon has grown
and succeeded organically since the
company started selling its tools.
Preparing for the Future
According to industry analyst reports,
the expenditure on threat intelligence
services and solutions will eventually
increase, and will become integral with
security strategy. However, as this is a
new category, ShadowDragon has
found some confusion and
misunderstanding about how threat
intelligence tools can be smoothly
integrated into security operations and
generate relevant and actionable
information.
For this reason, the company has
started to offer training courses to up
the level of understanding and
expertise among professionals on the
front lines who are not always knighted
with a title containing “cyber.” And,
ShadowDragon also seeks to help
those that do have a cyber focus to
adeptly use information that is
generated to forward a forensically
sound investigative process.
With the growing number of
sophisticated data breaches or inside
threats, more and more companies will
need intelligence on who was behind
the threat, the impact on long term
business perspectives on capital
investments, and alternative strategic
tactics to disrupt/counter the humans
behind the security issue.
ShadowDragon’s tools uniquely
augment team investigative capabilities
in support of BOTH physical and cyber
cases. They simplify online research
making it easier and faster to source
their own very relevant intelligence.
Analysts and investigators like these
tools because they can drive quick
results through real-time drill down of
investigation clues. It’s a faster, less
costly and more proactive approach.
Cyber security plays a massive role in today’s tech-savvy world. According to industry insiders, the average cost of a
data breach for various companies has increased from $3.8 million to $4 million recently. Most companies
today have embraced open source for infrastructure software; additionally, they have also embraced cloud storage.
Both of these come with their own blend of positives and negatives. For example, if a data centre gets attacked or fails, it
could be deadly for a company, and most open source software is vulnerable to cyber attacks, which poses a
massive threat.
So, here we are listing some of the cyber security threats and their potential solutions that can change the cyber world.
DDoS Attacks Targeted On Internet of Things Devices
As per the recent trend, cybercriminals have gone all out to target various IoT devices, including surveillance cameras,
security systems, electronic appliances, cars, commercial environments, vending machines, robots in various
manufacturing plants etc. There are more than 12 billion
IoT devices that can be connected to the Internet, and
researchers estimate there will be 26 times more IoT
devices than people by the end of 2020. This threat came
into the spotlight recently after a revelation that thousands of
low-security IoT devices were being used to launch
massive-scale DDoS attacks. These attacks impacted
various DNS service providers.
DDoS is a kind of DoS attack in which
multiple systems are compromised with the help of a Trojan
virus. Ultimately, the compromised systems are
maliciously controlled and used by the hackers.
To counter the threat, the FTC has started targeting some IoT
device manufacturers whose products come without adequate
security.
Ransomware
Ransomware has seen steady improvement over the years
since its first appearance way back in 2005. In its early
days, cybercriminals would use fake apps and fake
antiviruses to alert victims, and then ask for fees as a
charge for fixing some fake problems. It even showed FBI
warnings, which contained threatening messages. Ultimately,
they began to lock down systems or specific apps until
the demands were met.
However, the main threat these days is crypto
ransomware, where the attacker encrypts the files and the
victim needs to pay in order to get the key and unlock their
own files. According to various agencies, ransomware has
caused damages of around $325 million to date.
In order to stay safe from ransomware, the user must
use reputable and genuine antivirus and anti-malware
software. Users shouldn’t open email attachments unless
they are completely sure about them. Use of a strong password is a must,
and one should not reuse older passwords. Keeping all
software up to date is another thing one must follow, and
last but not least, a user must back up all data to
prevent data loss.
Business Email Compromise Schemes
A BEC attack is a form of phishing attack where the offender
pretends to be an executive and targets a vendor or a
customer who would transfer funds or classified
information to the attacker.
A BEC attack is completely different from other attacks. In
BEC attacks, the attackers are highly motivated, and
this kind of attack mostly passes through spam filters and
even evades email whitelisting. All of this
together makes it hard to recognize that the email is not
from an authentic source.
So how can one be safe from a BEC attack? Don’t worry,
there are a few guidelines which will make life a bit easier.
A company must implement multi-factor authentication
as a security policy. The authentication system will make the
hacker’s life much more difficult and ultimately it will
prevent the criminal from gaining access to an employee’s
mailbox. One must also check the organization’s spoofability,
which helps to know how secure the company is. There’s
nothing like teaching employees how to spot phishing attacks,
which will eventually help employees and the company to
be safe.
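One way to run the spoofability check mentioned above, shown as an added example that is not part of the original article. It assumes spoofability is judged from the domain's published SPF and DMARC TXT records, which the article does not name; the function names and the DNS records (reserved example domains) are constructed for illustration.

```python
# Added example: rates how easily a domain's From: address can be spoofed,
# based on its SPF and DMARC TXT records. Runs offline on constructed records.

SPF_WEAK = {
    "+": "'+all' authorises every sender on the internet",
    "?": "'?all' is neutral and gives receivers no signal",
}

def spf_all_qualifier(txt_records):
    """Return (qualifier, problem) for the SPF policy among TXT strings."""
    spf = [r for r in txt_records if (r.lower().split() or [""])[0] == "v=spf1"]
    if not spf:
        return None, "no SPF record"
    if len(spf) > 1:
        return None, "multiple SPF records (permerror under RFC 7208)"
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            # A bare "all" carries the default qualifier "+".
            return (term[0] if term[0] in "+-~?" else "+"), None
    return "?", "no 'all' mechanism, result defaults to neutral"

def dmarc_policy(txt_records):
    """Return (policy, pct) from the DMARC1 record, or (None, 0) if absent."""
    for record in txt_records:
        tags = dict(
            (k.strip().lower(), v.strip().lower())
            for k, _, v in (part.partition("=") for part in record.split(";"))
            if k.strip()
        )
        if tags.get("v") == "dmarc1":
            pct = tags.get("pct", "100")
            policy = tags.get("p")
            valid = policy in ("none", "quarantine", "reject")
            return (policy if valid else None), (int(pct) if pct.isdigit() else 100)
    return None, 0

def assess(domain, zone):
    """Return (verdict, findings) for one domain; zone maps name -> TXT list."""
    findings = []
    qualifier, problem = spf_all_qualifier(zone.get(domain, []))
    if problem:
        findings.append("SPF: " + problem)
    elif qualifier in SPF_WEAK:
        findings.append("SPF: " + SPF_WEAK[qualifier])
    policy, pct = dmarc_policy(zone.get("_dmarc." + domain, []))
    if policy is None:
        findings.append("DMARC: no usable record, no From: policy is enforced")
    elif policy == "none":
        findings.append("DMARC: p=none only reports, spoofed mail is delivered")
    elif pct < 100:
        findings.append(f"DMARC: policy applied to only {pct}% of failing mail")
    # "+all" lets any sender pass SPF with an aligned domain, so DMARC passes too.
    if qualifier == "+" or policy in (None, "none"):
        return "spoofable", findings
    if policy == "quarantine" or pct < 100:
        return "partially protected", findings
    return "protected", findings

# Constructed TXT records for illustration only.
ZONE = {
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; pct=100"],
    "example.net": ["v=spf1 +all"],
    "_dmarc.example.net": ["v=DMARC1; p=reject"],
    "example.edu": ["v=spf1 mx -all"],
    "_dmarc.example.edu": ["v=DMARC1; p=quarantine; pct=25"],
}

if __name__ == "__main__":
    for name in ("example.com", "example.org", "example.net", "example.edu"):
        print(name, *assess(name, ZONE))
```

A domain rated "spoofable" here is one where a message forging its From: address would not be rejected on policy grounds, which is the condition BEC senders rely on.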
Risk Of Using Cloud
Recently, most companies have started using cloud
services. Popular apps like Dropbox and Google Drive are
being used by companies, and sadly there are many users
who use these services from their non-corporate mail
accounts, which eventually exposes sensitive data to outside
threats. Companies also lack specific usage policies when it
comes to cloud services, which can lead to sensitive
information being shared with unapproved apps and, in turn, to a severe
data breach.
So, to reduce the risk related to the cloud, an organization
must have a strict and clear policy about how and when to
use it. Employees must be barred from sharing sensitive
data with unapproved apps.
Third Party Vendors Increase Risk
A company might build a brilliant security system with great
policies to keep its customers and their data safe, but
unless and until its third party vendors use the same level
of security, the data and customers will always be at risk.
Just look at the recent Wendy’s incident, where more than
1000 franchised locations of Wendy’s were hit by a Point-of-
Sale malware attack that eventually led to a massive data
breach.
Until companies make sure that policies are tightened up
enough and the third party vendor is taking all the needed
security measures, these kinds of attacks will continue to
take place. To prevent cyber attacks, organizations should come up with a policy which ensures that third party
vendors are taking the same security measures as the company.
In addition to all these, the shortage of skilled IT professionals is also hurting to a great extent; there are more than a million
vacant IT professional jobs across the globe. So, with more skilled professionals and by filling the vacant positions, the cyber
threats can be minimized to a great extent. However, one still has to religiously update and patch firewalls and firmware,
change the default password of the router and set up strong passwords so as not to get trapped in the world of web.
So, these are the types of cyber attacks that could hurt your company to a great extent. We have also listed the prevention
methods that will eventually help you to be safe on the web.
Silent Circle: Securing Enterprise Communications in the Cyber-Espionage Era
“Protect your business behind the shield of Silent Circle”
Gregg Smith
CEO
Endowed with some of the best minds in mobile
technology, encryption, security, and privacy, Silent Circle
is the leader in the privacy and security of enterprise
communications. It helps to keep conversations between
employees, customers, and partners private.
Silent Circle provides secure business communications in the
cyber-espionage era by delivering SaaS and hardware solutions in
conjunction with its proprietary ZRTP cryptography. It helps
companies and firms manage their critical information,
ranging from desktop messaging to portable firewalls, with
products like GoSilent, and specializes in making data in motion
incredibly safe.
The answer to Cyber-criminals
According to Silent Circle, mobile devices are an integral part of
everyday human life, and people use these devices 24 hours
a day, seven days a week. Smartphones have already replaced
computers and cameras, and are also helping humans complete
various day-to-day tasks like emailing co-workers, messaging
friends, and making phone calls.
With so many smart devices performing mission-critical functions
and transferring exabytes, if not zettabytes, of data, mobile
platforms and their vulnerabilities have become prime targets for
cyber-criminals. These malicious actors use cellular monitoring,
interception, and data exfiltration techniques and run their entire
spectrum of criminal activities across nation states.
To cope with the growing threat of enterprise data breaches,
Silent Circle created Blackphone, which was built solely for
the purpose of providing businesses with completely secure
mobile device communication.
Blackphone offers a seamless user
experience, familiar Android
environment, and frequently used apps
and services. Additionally, Blackphone
provides complete control over when
and how data is shared. Its successor,
Blackphone 2, offers
additional support for MDM services
and the Android platform for work
purposes. The Silent Phone software is
designed to provide a fail-safe method
of secure communications and file
transfer on any device. This software
and hardware combination is helping
organizations in gaining greater
technology integration, securing data,
and communication in a variety of
mobile environments.
The Veteran in Mobile and Cyber-security
Gregg Smith, CEO of Silent Circle,
is a veteran in the mobility and
cybersecurity space. He joined Silent
Circle in January 2017 and has, since
then, leveraged his massive experience
of more than twenty-five years to steer
the company ahead. Gregg is a much
sought-after speaker at mobile,
wireless, and security industry events,
and brings his thought leadership
and expertise to the Silent Circle team.
Prior to Silent Circle, Gregg served as
the President of Aether Systems, which
is one of the largest and most
successful enterprise firms in the
region. In recent years, Gregg has also
led teams at Koolspan and OptioLabs
as CEO, and currently serves on the
Board of Directors for Datatribe—an
early stage venture capital firm
focusing on cybersecurity.
Silent Circle itself was founded by
Phil Zimmermann, a legend in the
cryptography world and the creator of
PGP and ZRTP. He has been inducted
into the Internet Hall of Fame and has been
named one of the ‘Top 50 Tech
Visionaries’ of the last 50 years as well
as one of the ‘Top 10 Innovators in
E-business.’ Mike
Janke, Co-Founder of Silent Circle, is
a noted privacy advocate and a former
US Navy SEAL.
Technology to Tackle Future
The biggest challenge society faces
in this cyber-crime-prone era is that
neither software nor hardware works as an
independent cyber-security solution
from a compliance or
regulatory perspective. Silent Circle’s
goal remains the same: it
wants to help people manage and
control their content,
conversations, and data. Silent Circle’s
platform can serve any device type
across an entire organization, whether it is
in a fixed location or has a mobile
workforce. It brings together
hardware and software to effectively
check all the boxes a business client
needs, especially in a regulated
industry like finance. With its history
as a handset manufacturer, it knows
a lot about what is possible and what is not, as
all software resides on hardware or is
accessible via the web. Silent Circle
has already paired up with Cog Systems
to create and provide the most
innovative mobile security solution for
enterprises available to date.
The Long-lasting Relationship with
Clients
The market is flooded with companies
providing cyber-security solutions, but
Silent Circle stands apart with a
shining badge of Silent Network; it
protects video and voice call data from
eavesdropping and interception on Wi-
Fi and cellular networks. The Silent
Phone has already set a standard for
protecting confidential private
communications and is recognized for
its peer-to-peer encryption protocol
and its impeccable user experience.
The new partnership of Silent Circle
and Cog Systems aims to provide an
in-depth mobile security defense
through combined encryption
technology on D4 Secure architecture
for mobile; to protect voice and video
call data on cellular and Wi-Fi
networks from interception and
eavesdropping. The technology works
by combining the Silent Phone
software on the HTC, secured by D4,
which was designed to protect
organizations and their users with an
unparalleled level of data and system
security. These technological
advancements are helping the company
to remain competitive in the market
and in sharing a strong bond with its
clients.
Values and Attributes in Success and
its Future Down-the-line
Data security has been the hallmark for
the company since its very inception.
Whether it was helping consumers or
helping businesses, the fundamental
principle has not changed.
The company strongly feels that Silent Circle is
positioned for more growth. Gregg
Smith concludes by mentioning, “Data
loss and breaches continue to be a
problem. What is less reported on but
happens very often is data loss for
mobile devices. That is an area the
company has always had a focus on
giving our solution(s).”
There is a strange inconsistency in how enterprises
manage mobile communications compared to other
types of business communications.
With traditional voice communications and data
communications, we directly control how communications
are deployed and used by our employees. But for mobile
devices, we give up this control to external mobile service
providers, creating expensive management and regulatory
headaches.
It doesn’t have to be this way, which is why I founded
Tango Networks a decade ago to revolutionize business
mobile communications.
The Company is The Service Provider
Consider how other forms of communications are managed
for employees.
For typical desktop phone service, the company purchases
phones from a vendor along with a central system to
provide voice calling, conferencing, in-office dialing, and
other features. The company or its contractor will run
cabling and power for the phones. Then the company
contracts with a service provider for voice services. The
enterprise is in control of the communications system, and
sets the policies for each user.
It’s the same for data communications. The company will
contract with a service provider for Internet service. But
then the company will install routers, firewalls, SBCs and
Ethernet cabling, or Wi-Fi access points and similar
infrastructure to get its employees online. The company
similarly is in direct control of its local and wide-area
networks, and sets the policies for each user.
In both cases, the company is acting as a service provider
for its employees - delivering and supporting essential
communications services.
But this model has remained broken when it comes to
mobile communications.
The Broken Mobile Model
In more traditional situations, the company will contract
with a mobile communications service provider and buy or
lease mobile phones and service for employees. The
company pays the provider to handle support, configuration
and management of the phones in addition to the primary
voice and data service costs. While the company is
incurring these expenses, the company does not have direct
control over the devices to ensure that corporate policies are
followed. Companies that must monitor employee voice
calls and data sessions, or archive them for regulatory
purposes, face added expenses.
In some companies, this model has evolved into Bring Your
Own Device (BYOD) programs, often when IT departments
have simply given up trying to gain control over corporate
mobile communications the way they have always been
able to manage their other services.
Instead of contracting for phones with a service provider,
the employees are permitted to use their own devices. Then
the company reimburses or otherwise subsidizes services.
While this can be less expensive than a company-owned
phone approach, it makes enforcement of policies very
difficult, especially for regulated industries requiring
communications recording.
About the Author
A company co-founder, Andrew
Silver now serves as Tango
Networks’ Chief Technology Officer.
Silver is an entrepreneur and business
technologist who has held senior
management and director roles in
large and small wireless companies
including Ericsson, Nortel Networks,
Comverse and Spatial Wireless. He is
an accomplished speaker at wireless
industry forums and has been granted
more than 50 patents in wireless
communications systems. Silver
holds an electrical engineering degree
and an MBA from McGill University.
In both cases, the mobile devices and service subscriptions
remain separate from the main form of corporate
communications. If I call you from the office, you see my
corporate number as the caller ID. If I call you from my
mobile, you see my personal mobile
number, or another number you don’t
recognize. If you call me on my mobile
but I need to take the call from my
desk phone for recording compliance, I
need to call you back, or else start up a
special app on my phone to record the
call.
In short, the user experience is messy,
unwieldy, and less professional in
appearance.
The Better Way
Imagine instead that your mobile
phone could be an extension of your
main corporate communications
systems.
You could make and receive calls
using your corporate number. You
could transfer, conference, call with in-
office dialing. You could send text
messages from your corporate number
and receive incoming texts to your
corporate number - something your
desktop phone probably cannot do.
Your calls and texts could be archived
for compliance. Your IT staff would
have direct control over when and
where you could make toll calls, or
even route them through the corporate
networks to reduce costs.
Suppose all this were possible even
with your own personal device. Your
business communications would
operate as an extension of your
corporate phone system while your
personal communications remained
totally private.
That’s exactly what Tango Networks’
solutions do. Our Kinetic
Communications Platform enables a
company to control mobile
communications in an entirely new
way.
Shared Control
The breakthrough is an innovation in
how communications signaling and
routing are managed. Our Kinetic
platform creates a communications
control system that is shared between
your company and your mobile service
provider, enabling the enterprise to be
the service provider for its
employees.
This means your IT staff sets policies,
determines call routing rules, turns on
features, and executes similar control
steps. These enterprise-managed
policies and configuration settings
interface directly with the service
provider where they are enforced on
the mobile communications in the
service provider’s network.
This provides great advantages for
both companies and their service
providers. For service providers, it
means that companies are taking on
much of their own support and
management tasks. For the companies,
it means the IT staff is more directly in
control of this critical form of
corporate communications. Our system
is supported by many Tier 1 mobile
service providers around the world and
is serving hundreds of thousands of
users with enhanced mobile
communications today. On networks
where our solutions are not yet
supported, we also offer many of the
same control capabilities for
employees that use Android,
BlackBerry and iOS (Apple) devices.
For the first time, mobile
communications can be managed by
your company precisely the way
traditional fixed voice and data
communications are. In the end, this
means easier regulatory compliance,
lower mobile communications costs,
and a better user experience that
maximizes the productivity of your
employees on the go.
Traits to Possess the Best
Enterprise Security
Founders occasionally forget to implement the important fundamentals of security and start chasing
shiny technology. Security budgets are limited, so they need to be sure they have covered the highest-risk breach areas
before moving on to other things.
IBM reported that more than a billion personal data records were stolen and leaked in 2014 alone, which made it the highest
recorded number in the last 18 years. Criminals are always a step ahead of the existing security systems, so companies
should have the best strategies and practices for enterprise security.
So how do we ensure we have the best security systems? It all comes down to having a solid foundation, which starts with
these basic practices.
Strong Firewalls
Firewalls are the first line of defense for any enterprise. A firewall controls the flow of data and decides the direction
in which data may flow. It keeps harmful files from breaching the network and compromising assets. Traditionally,
firewalls are deployed at the external perimeter of the network, but adding internal firewalls is now a
popular strategy. It is one of the best practices companies follow, creating a second line of defense to keep unwanted
and suspicious traffic away.
Securing Routers
Routers are mainly used to control the flow of network traffic, but they have security features too. Modern
routers are full of security features like IDS/IPS functionality, quality of service and traffic management tools, and strong
VPN data encryption. But very few people use the IPS features and firewall functions in their routers. To
improve their security posture, companies need to use all the security features of their routers.
Secured Email
It is highly common to receive emails from suspicious sources. Email is the main target for criminals; 86
percent of the emails in the world are spam. Even if the latest filters are able to remove most spam emails,
companies should keep updating their current protocols. If the number of spam emails is large, it only means the company
is at greater risk of getting malware.
Updating Programs
Making sure your computers are patched and updated is a necessary step if you are working towards a fully protected enterprise. Even if
you can’t manage everything perfectly, updating already installed applications is an important step in enterprise security. No one
can create 100 percent perfect applications, but one can make changes along the way to keep pace. Thus,
making sure your applications are up to date ensures you benefit from the holes the programmers have fixed.
Securing Laptops and Mobiles
You may wonder why securing laptops and mobiles is on the list. But laptops and mobile phones
that contain sensitive enterprise data do need securing. Unlike desktop computers, which are fixed, laptops and mobiles are portable and
thus at higher risk of being stolen. Taking some extra steps to secure laptops and mobiles is as
important as implementing strong firewalls. Encrypting laptops and mobiles with the help of software is a great tactic
to follow for a secure enterprise.
Wireless WPA2
This is the most obvious measure of all. If companies aren’t using WPA2 wireless security, they need to start using it.
Many methods of wireless security are insecure and can be compromised in minutes. If companies have WPA2
in place, it will be difficult for criminals to breach their wireless networks.
Web Security
The Verizon Data Breach Investigations Report stated that attacks against web applications have
increased at an alarming rate in recent years, with over 51 percent of the victims. Simple URL filtering is no longer sufficient, as attacks
are becoming more frequent and complex. The features that need to be considered for web security systems are AV
scanning, IP reputation, malware scanning, and data leakage prevention. A web security system should be able
to correctly scan web traffic.
Educating Employees
Making sure that employees are educated about safe online habits is as crucial as securing the enterprise with top-class
antivirus and firewalls. Educating employees about what they are doing and how to defend proactively is more effective than
expecting IT security staff to take steps later, because protecting end users against themselves is the most difficult thing to
do. So, employees must understand how important it is to keep the company’s data safe and the measures they can take to
protect it.
While the world faces more and more cyber theft and crime, this foundation of simple, standard tools
for enterprise security can protect companies from such attacks.