ESXi has many layers of isolation within its virtualised infrastructure, but all of that is implemented in software. They still require a level of trust in the hardware, which is where AMD SEV-ES comes in.
A guest operating system that supports SEV can ask the AMD Secure Processor to issue it an encryption key, for full in-memory, in-hardware encryption.
SEV-ES extends that protection to CPU registers, so that the data inside the CPU itself is encrypted. This protects the data from being read or modified when the virtual machine stops running.
Even a compromised hypervisor that accesses the register data cannot make use of it, because it is now encrypted.
Needless to say, adding support for AMD SEV-ES in vSphere 7 will spur the uptake of AMD EPYC processors in the datacenter.
In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA Network Equipment Security Assurance Scheme (NESAS) audit!
5G RAN gNodeB
5G Core UDG, UDM, UNC, UPCF
Here is a summary of the twenty NESAS assessment categories and the compliance levels of the HUAWEI 5G equipment that were tested :
Prior to passing the GSMA NESAS audit, these HUAWEI 5G equipment also passed the 5G cybersecurity test by China’s IMT-2020 (5G) Promotion Group, using test specifications based on 3GPP International standards for 5G security assurance.
HUAWEI 5G Faces Political, Not Technical, Pressures
Passing the GSMA NESAS audit will help assuage the cybersecurity concerns of nations planning, or already implementing HUAWEI 5G network equipment.
However, HUAWEI faces political, not technical, pressures with their 5G network equipment.
The 100% compliance score in the NESAS audit will not change minds in the US, and their Five Eyes partners are unlikely to consider HUAWEI 5G equipment.
That said, passing this audit will nevertheless strengthen HUAWEI’s shield against claims that their 5G equipment pose much greater cybersecurity risks than competing platforms.
It will help them win additional contracts in smaller countries whose concerns are far less about cybersecurity and privacy, and more with costs.
GSMA Network Security Assurance Scheme (NESAS)
The GSMA Network Equipment Security Assurance Scheme (NESAS) audit is a standardised cybersecurity assessment mechanism, jointly defined by GSMA (GSM Association) and 3GPP, together with regulators, industry partners, major global operators, and vendors.
This is a voluntary program which network equipment vendors can subject their product development and lifecycle processes to a comprehensive and independent security audit.
The GSMA NESAS covers 20 assessment categories, defining security requirements with an assessment framework for 5G product development and product lifecycle processes. It also uses security test cases by 3GPP to assess the security of network equipment.
Famed Filipino rum company, Tanduay, invited us to their main distillery in Manila to showcase their latest digital transformation initiative with SAP S/4HANA. We were also given an exclusive tour of their plant, and privileged to learn how to taste rum from mixologist and Tanduay brand ambassador Lee Watson.
Tanduay Makes The World’s Best-Selling Rum
A 164-year old brand, Tanduay rose from humble beginnings to establish itself as the world’s top-selling rum brand in 2018, taking over the crown long held by Bacardi.
After its acquisition by the Lucio Tan group 30 years ago, the brand underwent plant modernisation and expansions, which greatly increased their production capacity. Today, they have three separate facilities – all ISO-compliant, with the Cabuyao plant recently completing its ISO-9001:2015 certification.
In 2014, Tanduay Distillers Inc. President and CEO, Lucio “Bong” K. Tan Jr, took over the reins of the company. He kickstarted the global expansion of the brand. that ultimately led to Tanduay wresting the crown from Bacardi in just 4 years.
Recently, Tanduay opted to begin their digital transformation by adopting SAP S/4HANA, with seven modules – Materials Management, Production Planning, Warehouse Maintenance, Sales and Distribution, Enterprise Asset Management, Finance and Controlling.
Adopting S/4HANA would allow them to greatly automate their current processes, and cut the number of steps from procurement to the delivery of the final product. It will also allow them to greatly reduce paperwork, and the workload of their staff.
Lee Watson Teaches How To Taste Rum!
Tanduay also took the opportunity to showcase their famous Gold and Silver Asian Rum. They brought in mixologist and Tanduay brand ambassador Lee Watson to teach us how to taste rum. Now you can learn from him, and give it a try too!
The Tanduay Distillery Tour
We were given a tour of their main distillery just outside of metro Manila. If you want to see how they make the world’s most popular rum, you must check out this video!
F-Secure Regional Director of APAC and Japan, Keith Martin, flew into Singapore to ink a major regional partnership agreement with ACE Pacific Group. Timothy Shim from Tech Barrista and I had the opportunity to interview Mr. Martin about cybersecurity trends in Asia Pacific and worldwide.
Tech ARP Interviews Keith Martin
Keith Martin is the Head of Asia Pacific Corporate Business, F-Secure. Here was our exclusive interview with Mr. Martin after he officially signed the APAC partnership agreement with ACE Pacific Group.
The Cybersecurity Business
Tech ARP : How has your long experience in Japan helped you with F-Secure’s business in Japan?
Keith Martin : Japan is one of the largest market for F-Secure, and we are trying to replicate that (success) in the APAC region.
Tech ARP : Are you still based in Japan?
Keith Martin : Yes, but I have now racked up a lot of frequent flyer miles.
Tech ARP : What are your thoughts on the cybersecurity market in the APJ (Asia Pacific and Japan) region?
Keith Martin : Japan is a large market, but the growth rates are relatively stable. We look at the Asia Pacific region (which includes India, Australia and New Zealand), as the next source of growth for F-Secure.
Tech ARP : What are your plans, and areas of focus, for the APJ region?
Keith Martin : Without question, Singapore is going to be a major focus for F-Secure, as well as Australia and New Zealand. We just signed a major partnership agreement with ACE Pacific, which will be a cornerstone of our strategy in coming years.
Tech ARP : Chinese and Russian companies have been hit by accusations of cyber espionage and hacking, loose security and/or inserting backdoors into their products. Do you see this as a good opportunity to promote F-Secure’s products, or is this a poison pill for the entire industry?
Keith Martin : I don’t think it’s a poison pill for the entire industry. I have never seen any direct evidence that these go beyond mere accusations, but I understand the need to be cautious. One of the things that F-Secure is proud of is our policy that we will never add a backdoor into our products.
We are willing to walk away from any business if it means adding a backdoor. This is just the way we operate, because Finland has extremely tough privacy laws.
I think it’s absolutely an opportunity for us to differentiate ourselves (from the other cybersecurity companies) with our public pledge never to add backdoors in our software.
Tech ARP : Some countries like China and Russia are demanding access to encryption keys, and in some cases, requiring registration of VPN services. How do those tightening laws affect F-Secure products like Freedome VPN?
Keith Martin : F-Secure is very focused on maintaining the security of our products, so if those are the requirements, we will decline and get out of those markets. We would rather walk away from the potential business, than compromise the security of our products.
Tech Barrista : On the geopolitical implications of malware, do you feel that governments are increasingly more focused on cybersecurity on a national scale?
Keith Martin : For sure. We now see nation states attacking each other. There’s no denying that fact. Look at Stuxnet, that malware (which was targeted at Iran) got released into the wild and suddenly, people have the technology to use it elsewhere for nefarious purposes. I think that any country that does not pay attention to cybersecurity is sticking their heads into the sand.
Tech Barrista : Do you feel that this presents a greater opportunity for F-Secure?
Keith Martin : It represents opportunity, of course, but our mission as a company is to stop the spread of malware and cybersecurity attacks, wherever they happen. It’s a kind of Catch-22 situation, where we wish that nation states would not attack each other, but yes, we have the opportunity to help them protect themselves against such attacks.
Tech ARP : What is F-Secure doing to promote and enhance source code transparency? Like opening up transparency centers?
Keith Martin : At this point in time, there are no plans to do so. We have a very good reputation throughout our 30-year history of being straightforward and upfront. I have never seen any accusations against us of malicious activities.
Tech ARP : Does F-Secure allow corporations or countries with concerns to inspect their code?
Keith Martin : I don’t know of any specific situations in Asia Pacific where F-Secure has allowed this. It may have been allowed in other regions, where governments have specific concerns, but I’m not aware of those situations.
Tech ARP : Ransomware and phishing attacks are big problems these days. Can you detail how F-Secure can help users prevent or mitigate the risks of ransomware and/or phishing attacks.
Keith Martin : Third-party analysis of our software show that we are actually better at detecting these 0-day attacks than any other companies out there. We pride ourselves in detecting not just the malware we know about, but also the malware we don’t about, using technologies we have been developing over the last 20 years.
We have a multi-layered engine, where we use everything from the basic pattern matching technology, to heuristics, etc. so that if it doesn’t catch the malware on the first layer, it will catch the malware on the second or third or fourth layer.
Tech Barrista : Is malware-as-a-service now common?
Keith Martin : It is becoming more and more common. The entry barrier to launching a malware attack is now much lower due to the ability to outsource the creation of the malware.
Cybersecurity Risks Of IoT Devices
Tech Barrista : With cybercriminals leveraging the Internet of Things and Artificial Intelligence, how much more complex do you see the cybersecurity landscape becoming?
Keith Martin : It’s becoming incredibly complex. Our Chief Research Officer Mikko Hypponen said, “Once you connect something to the Internet, it’s vulnerable“. Billions of devices connected to the Internet become potential attack vectors for cybercriminals.
Most IoT devices don’t have good security. If you can get into one of those devices, you can get into the network through them.
Tech ARP : Does F-Secure have any products to mitigate the risks of poorly-secured IoT devices?
Keith Martin : On the consumer side, we have F-Secure Sense, which protects every device on your network.
Keith Martin’s Professional Bio
Keith Martin has been Country Manager for F-Secure Japan for 2 years, before being promoted in February 2018 to oversee the entire Asia Pacific region.
Prior to joining F-Secure in 2015, he spent a decade in the telephony and contact center space, first working for four years in Avaya Japan as Director of Multinational Account Sales, followed by six years serving as Japan Country Manager for Interactive Intelligence, a pioneer in cloud contact center technology.
Before that, Keith also spent three years at internet startup ValueCommerce helping build their web hosting platform business before the company was acquired by Yahoo Japan. He got his start at global IT services provider EDS (now HP), delivering IT services to numerous financial industry accounts.
The Asia Cybersecurity Exchange is designed to nurture the development of new cybersecurity professionals, as well as encourage and support cybersecurity entrepreneurship. Find out how the Asia Cybersecurity Exchange is going to transform Malaysia into one of the world’s major cybersecurity hubs!
The Asia Cybersecurity Exchange Initiative
Asia Cybersecurity Exchange is the brainchild of LE Global Services Sdn Bhd (LGMS), formed in partnership with the ACE Group. Its mission is to identify and nurture cybersecurity talents and entrepreneurs in Malaysia. Their ultimate aim – elevate Malaysia as a cybersecurity hub in Asia.
US$ 50 Million Startup Fund
To help nurture cybersecurity entrepreneurs, the ACE Group has also set aside a fund of US$ 50 million / RM 200 million to invest in cybersecurity startups with high growth potential. The Asia Cybersecurity Exchange will help select qualified candidates and mentor their efforts.
MDEC Cybersecurity Development Program
The Malaysia Digital Economy Corporation (MDEC) is also supporting the Asia Cybersecurity Exchange initiative with a 12-month MDEC Cybersecurity Development Program.
This will consist of a series of cybersecurity conferences, hackathons, CISO roundtables, as well as industry collaboration workshops.
Cybersecurity Training & Internships
LGMS, with the help of MDEC and the eight premier tech universities in Malaysia, aim to train as many as 240 cybersecurity specialists in the next 12 months, with the aim of expanding the program in the subsequent years.
The top students selected by their universities will be interviewed and selected by LGMS for training by top cybersecurity experts, with industry mentors to help them nurture those who want to startup their own cybersecurity endeavours.
On 19 March 2018, TUV Rheinland invited us to an exclusive Industry 4.0 cybersecurity seminar. Entitled Cyber Risk Management for Industry 4.0, it looks at the role of cybersecurity in securing critical infrastructure and heavy industries, and paving the way for Industry 4.0.
Join us for the presentations by TUV Rheinland cybersecurity experts on how you can secure your company against the latest cyberthreats.
Industry 4.0 refers to the new industrial trend of creating “smart factories” with highly-networked manufacturing technologies.
Also referred to as the 4th Industrial Revolution, it makes use of cyber-physical systems, Internet of Things, cloud computing and cognitive computing, to automate almost every aspect of the manufacturing process.
Fun Fact : The name Industry 4.0 comes from the German “Industrie 4.0” from the high-tech strategy of the German government to promote the computerisation of manufacturing.
TUV Rheinland : Cyber Risk Management for Industry 4.0
The Cyber Risk Management for Industry 4.0 seminar is a platform for TUV Rheinland to share their insights on developing cybersecurity measures to manage operational cyber risk, be it for smart factories, smart devices or smart vehicles.
According to TUV Rheinland, the discipline of Cyber Risk Management can be effectively implemented if cybersecurity and privacy are addressed by design – both in strategy as well as operations. Let’s hear from their experts…
Operational Technology Protected
by Nigel Stanley, Chief Technology Officer of TUV Rheinland Industrial
Automotive Cyber Security
by Rajeev Sukumaran, Director of TUV Rheinland Consulting Services
On August 25, 2016, Samsung Malaysia hosted an exclusive Samsung Galaxy Note7 Enterprise Business Showcase at the Marriott Putrajaya. At this event, Samsung focused on the enterprise and business aspects of the Samsung Galaxy Note7, focusing on the new Samsung Knox 2.7 security features.
Samsung Galaxy Note7 Knox Security Explained
Mr. Young Kim, Vice President of Samsung’s Global B2B Service Group, flew in to give a detailed explanation of the new Galaxy Note7 Knox security features. Check it out :
Five New Security Solutions
Thanks to its Samsung Knox security features, iris scanning capability, S-Pen and IP68 water-resistance, the Samsung Galaxy Note7 is designed to address the business and security needs of enterprise users in the field. They help enable the five new security solutions introduced by Samsung at the same event. [adrotate banner=”4″] The new Samsung Cloud Document Solution will benefit corporate professionals and government officials by providing them secured access to classified documents stored in the cloud. Knox Customization allows for software customization on the Galaxy Note7 where corporate IT administrators can add corporate boot image and wallpaper, preload certain applications, and pre-set the device settings. For officers on the field, Incident Report Solution allows them to report incidents and document cases to the system and track progress. Konnected Patrol, on the other hand, authenticates the security officers actual check-in to the sites assigned by the headquarters and identifies the right personnel at the premises. Finally, Secure Document Delivery works specifically to ensure that important parcels are delivered and signed by authorised personnel. These include military delivery of goods and food, weapons real-time monitoring, and security firms’ delivery of cash.
Samsung Galaxy Note7 Key Features Revealed
For those who have not read up on the cool features introduced in the Samsung Galaxy Note7, don’t worry. In this video, Mr. Julian Thean, Senior Product Manager, Samsung Malaysia, goes through the new features in the Samsung Galaxy Note7.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!
by CommunicAsia2016 Summit speaker, Pierre Noel, Chief Security Officer and Advisor, Microsoft Asia
By 2020, four billion people will be online, 50 billion devices will be connected to the internet and data volumes will be an astounding 50 times greater than what we are seeing today.
This enormous explosion of connected devices and data flows and the complexity that comes with it, will make it more challenging than ever before for individuals, organizations and nations to protect themselves against cyberattacks – with greater complexity comes greater risk of malicious attacks and security exposure.
While there will always be new threats, new attacks and new technologies to keep an eye on, here are some security trends businesses in Asia Pacific ought to watch for this year:
1. Mobile Malware
As security threats continue to dominate news cycles, this year will be one where we see cybercriminals focus on targeting mobile devices by attacking underlying operating systems and releasing more malware-infected apps.
China leads the world in the number of mobile users, and malware on these devices will surface as a huge problem. A study by Tsinghua University, Microsoft Research, and China’s Ministry of Science and Technology found that only a quarter of apps in the country’s local app stores are safe.
The adoption of mobile payment systems will also lead to a surge in hack activity related to stealing information from new payment processing technologies like EMV credit cards, contactless RFID smart cards, and mobile wallets.
2. Online extortion and hacktivism
According to TrendMicro, a Microsoft Partner, rapid growth in online extortion and hacktivism is expected this year, with more sophisticated ways of stealing information and gaining control of webenabled devices being realized.
Malware programs like ransomware, are potentially one of the most dangerous types of computer malware and might be used more frequently by hacktivists in order to encrypt the victim’s personal information like photos or conversations and extort money online to regain control of online accounts and devices
3. Password recovery scams, including spear phishing and smishing
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.
Since phishing attacks are no longer limited to email, SMS phishing (smishing) is becoming more common, especially by hackers creating password recovery scams. A criminal hacker only needs a victim’s email address and a mobile phone number to start a password recovery process and compromise their account.
A New Approach To Cyber Security
Ultimately, as Microsoft CEO Satya Nadella, highlighted just last November, the digital world we live in today requires a new approach to how we protect, detect and respond to security threats. Companies must evolve from a simple, “protect and recover” model to a more holistic protect, detect and respond posture that utilizes real-time insights and predictive intelligence across networks to stay ahead of threats.
The current wave of cybersecurity evolution is centered around collecting actionable intelligence, to remain ahead of threats. Attacks such as Ransomware are targeted and follow certain patterns, Malware for example, tends to morph rapidly. To stay ahead of these threats, we need to make full use of the cloud to collect and analyze such information that will tell us what to expect, and where to expect it.
At the same time, it is also critical for companies to strengthen their core security hygiene; adopt modern platforms and comprehensive identity, security and management solutions; and leverage features offered within cloud services. It is just as important to create education and awareness across employee populations in order to build and sustain a pervasive security culture.
While organizations across the region are in various states of readiness with regards to cybersecurity, I remain optimistic as we see more organizations, government and non-governmental companies alike, making cybersecurity a priority and cooperating closely to ensure cyber threats are identified and dealt with quickly.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!
DALLAS, 21 January 2016 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software solutions, today announced it has once again affirmed its leadership in the global server security market, according to industry analyst firm IDC.
In a market sized at over $800M in 2014, Trend Micro has grown its revenue share for server security to 30.3%, outpacing both the market and competitors. For the sixth year in a row, the company has occupied the top spot for server security globally.
“IDC predicts the server security market to continue growing in importance, with virtualization, cloud and hybrid deployments driving the need for a modern approach to security,” says Bill McGee, senior vice president cloud and data center, Trend Micro. “Our leadership position in this market is a reflection of our focus on addressing hybrid cloud needs for our customers, delivering a comprehensive set of controls that can be centrally managed and automated for reduced operational impact across leading environments like VMware, Amazon Web Services and Microsoft Azure.”
Trend Micro’s market-leading Deep Security platform protects virtual desktops and servers, cloud, and hybrid architectures against zero-day malware and other threats while minimizing operational impact from resource inefficiencies and emergency patching.
“When choosing a security solution, today’s enterprises are looking for comprehensive security capabilities that address all of their critical issues,” says Chris Christiansen, program vice president, security products and services, IDC. “Working with a trusted leader in server security is always a good choice – and Trend Micro has led the server security market for six years in a row.”
Trend Micro offers the Deep Security platform as both software and as a service, enabling customers to align their purchasing with their data center and cloud strategy. Representative of Trend Micro’s commitment to the cloud market, Trend Micro Deep Security is also available on the AWS and Azure marketplaces, providing customers with additional purchasing flexibility.
“Almost all information security shops are outgunned every single day. We need a partner like Trend Micro to give us the firepower to fight back,” says Todd Forgie, vice president of IT and managed services, MEDHOST. “Trend Micro picks up outbreaks that other solutions miss. That’s why we decided to go pure-play with Trend Micro and we have not looked back.”