INFOMAGAZINE 8 by REAL security
TODAY'S SECURITY IS NOT SECURE
It's Time for a Massive Rethink in Security
The cost of data breaches is projected to reach $2.1 TRILLION by 2019: catastrophic business impact.
5-year IT-security spending is forecasted to reach $1 TRILLION by 2021, spent on cyber security technology like firewalls, virtual private networks (VPNs), and antivirus software. And no password is safe.
This new threatscape requires a paradigm shift.
Next Dimension Security: Where Security Follows Identity
Find out how to protect your enterprises from breaches.
FOREWORD
Dear Reader,
Welcome to the 8th issue of REAL info magazine, mainly devoted to the EU GDPR directive, the new era of emerging technologies and data privacy.
We are currently living in the information age, which can be described as an era where economic activities are mainly information based. This is due to the development and use of new technologies.
On the pages that follow, we will try to help you understand the fundamentals of personal data protection, GDPR compliance and the strategies for protecting what matters most: THE DATA ITSELF.
But before you go on reading, you need to understand why the EU is pushing data protection regulation in the first place and why this is a necessity. This is a chance for all of us not only to protect, refresh and optimize our networks, but also to bring in new technologies and keep a certain level of control over our own privacy. If we want to protect privacy, we should first be aware WHY it is important.
On the one hand, we have become increasingly connected and are constantly sharing information online, yet we are giving away our privacy and personal data without any knowledge of what is happening to them. We are researching, purchasing and using online products and services via numerous connected channels and devices. All of this data is being collected by billion-user companies, desktop and mobile apps, internet providers and mobile operators for their own purposes, for commercial gain, and even, what is the most frightening reality, for manipulation and control.
This paradigm shift brings new ethical and judicial problems, mainly related to issues such as the right of access to information, the right of privacy (which is threatened by the emphasis on free information) and the protection of the economic interests of the owners of intellectual property.
Much of that concern may stem from social networks like Facebook, with 2.07 billion monthly active users, mobile and internet operators like Deutsche Telekom, giants like GOOGLE, and also the increased number of always connected devices, such as smartphones, that contain personal information. Gartner Inc. forecast that today there are 8.4 billion connected devices, everything from phones to new household devices, swept into the internet of things market, up 31 percent from 2016, and predicts that they will reach 20.4 billion by 2020.
"Who controls the data, controls the world": that is why the EU is pushing new regulations and fighting against Facebooks, Googles and other big names and their misuses, primarily the commercialization of consumer data.
While the previous billion-user companies have been built on collecting data, it is projected that the next billion-user companies are going to be built around protecting user data. Some of them you can already find in this magazine, and if you join us at our next RISK conference, which will be held on the 14th and 15th of March 2018 in the Congress centre of hotel Thermana in Laško, we can even arrange a chat with one of their representatives for you ;-).
I wish you a successful implementation of the EU GDPR in your organization and a happy personal life with lots of PRIVACY.
RENATO UHL
CEO, REAL SECURITY D.O.O.
CONTENTS
DATA IS KNOWLEDGE AND KNOWLEDGE IS POWER, ROBERT LUBEJ, R&D REAL SECURITY ... 04
WHAT WILL GDPR BRING? SLOVENIAN INFORMATION COMMISSIONER ... 08
FIREEYE HELIX, DAVID IVACIC, SALES DIRECTOR REAL SECURITY ... 11
FIGHTING GDPR REQUIREMENTS WITH FORCEPOINT TECHNOLOGY ... 14
INTERVIEW WITH RODNEY JOFFE, SENIOR VICE PRESIDENT OF NEUSTAR ... 16
UTIMACO HSM – THE ROOT OF TRUST ... 22
CYBONET'S CYBOWALL INSIGHT: GDPR COMPLIANCE ... 23
INTERVIEW WITH ANDREW AVANESSIAN, COO AVECTO ... 29
MICRO FOCUS ARCSIGHT: PAST, PRESENT AND FUTURE OF SECURITY ... 31
PRIVREDNA BANKA ZAGREB CASE STUDY BY HPE ... 37
SIMPLIFYING GDPR COMPLIANCE WITH MICRO FOCUS ... 40
INTUITIVE SIMPLICITY, BART PELLEGROM, NETWORK CRITICAL ... 42
WHO IS VERSASEC? INTERVIEW WITH JON SNOW, CEO ... 44
UNDERSTANDING POST-BREACH THREAT DETECTION IN THE DIGITAL ERA BY HILLSTONE ... 46
WHY SIZE DOESN'T MATTER IN DDOS ATTACKS, NICOLAI BEZSONOFF, NEUSTAR GM
INTERVIEW WITH JAN C. WENDENBURG, CEO CERTGATE GMBH
WHEEL SYSTEMS: WHEEL LYNX – SSL/TLS DECRYPTOR ... 50
NAKIVO CASE STUDY: CHINA AIRLINES ... 51
ON DOMAIN NAME SERVERS, CHRIS ROOSENRAAD, NEUSTAR ... 54
CASE STUDY AT BERKSHIRE HEALTH SYSTEMS BY MCAFEE ... 56
A LOOK BACK AT RISK CONFERENCE 2017 BY REAL SECURITY ... 62
The Certified Data Protection Officer certification track is tailored for those who want to become a Privacy and/or Data Protection Officer in their organisation and want to earn the internationally recognised S-CDPO title.
The Privacy & Data Protection certification track is made up of four certification steps.
The Privacy & Data Protection Foundation certificate demonstrates that you have acquired a basic understanding of the GDPR.
The Privacy & Data Protection Practitioner certificate and title, as the next level, demonstrate that you have acquired a good understanding of the GDPR and possess the necessary skills to implement and safeguard measures ensuring compliance with the GDPR at operational level.
The Privacy & Data Protection Expert certificate and title allow you to exhibit your strategic-level knowledge and skills in privacy and data protection.
The Certified Privacy and Data Protection Officer certificate and title, as the highest-level qualification, require you to prove a minimum of three years of strategic-level professional experience.
SECO-Institute DPO track: your career path to become an international Privacy Officer
www.seco-institute.org
For more information visit www.si-gdpr.com or contact info@si-gdpr.com.
DATA IS KNOWLEDGE AND KNOWLEDGE IS POWER!
Ignoring for this purpose the theoretical differences between data, information and knowledge: data empowers organizations to achieve their full potential and optimize their business processes, it empowers governmental agencies to drive us all into a better future, and it gives individuals the power to build themselves a good life. Nowadays data has the highest value, and we have to protect that value, regardless of whether it is business data or personal data. The theme of this issue of the magazine is personal data and GDPR.
And what do we need GDPR for? With great power comes great responsibility; that power could also be used for bad purposes. Companies could resell customer data without authorization; organizations could abuse employee data; individuals, internal or external, could access and publicly expose personal data on celebrities, for instance. And the state, well, the state is never content with the amount of personal data it has about its citizens, no matter how personal it is. Something was needed to put on paper all these relations, rights, duties and responsibilities, to declare the powers we all have and how we can and are allowed to use them for the common good. GDPR covers a big part of that; it guides the use of personal data in organizations to prevent the intentional or accidental misuse of that power.
Due to a number of circumstances in the last year and a half I have been a bit further away from professional developments in cybersecurity, also regarding GDPR. Perhaps I am no longer an expert and I cannot bother you with the details of the current state of implementing strategies for the proper handling of personal data, be that globally, at the level of our wider region, or even just in our small states. But I think it is right to tell you that, if you would like to start a GDPR implementation project today as you read this and complete it by the day the directive comes into effect, then you are too late! That train has already left. Even if you have already started, you probably will not finish by the deadline. But do not panic; many of my colleagues think that you are by far not alone. So, for now, you are not in a critical situation. But now you have to make an important decision: whether to start or strengthen activities in this field today, and not only avoid possible penalties or have a more comfortable life after the deadline, but also have all the benefits of the orderly business processes that come with it, and the consequent competitiveness or even competitive advantage; or to take a risk, wait for what will happen and hope to avoid the penalties, while at the same time risking "sinking lower" compared to other organizations. If you have smartly decided to do something, then read on.
GDPR, the General Data Protection Regulation of the European Union, was adopted on 27 April 2016 and will replace many national data protection laws of individual EU states, such as the Slovenian ZVOP-1. It applies from 25 May 2018. In theory this means that, by the middle of 2018, all organizations that store and process personal data of individuals in the EU must comply with the requirements of the GDPR. These define the protection of this data and the obligations of the organizations that store it, as well as the rights of the individuals to whom the data relate. In practice, though, a penalty is not likely to be issued immediately on that day, at least if you are able to show that you have achieved partial compliance or are actively engaged in the project. That is why you are not too late, yet.
GDPR implementation in stages: there is a lot of advice on how to implement GDPR compliance; one possible short overview of the process is the five steps created by Alen Šalamun.
If you plan to start today and achieve something, so as to be able to show something on the day the GDPR comes into effect, then start with personal data identification right now. After that, the activities you will need to perform later will be much clearer.
ROBERT LUBEJ, R&D DIRECTOR, REAL SECURITY
REAL EDITORIAL
Data identification. In a way we could say that we IT experts really meet GDPR implementation in practice during phase three, data identification. This is when we must actually identify the personal data in our systems: the data that we will need to regulate and protect to ensure compliance with the GDPR. Which tools to use? What is true for the other phases of the project holds here too: there are many solutions from a variety of vendors that we could use. None is magical and none is all-inclusive. The most useful are those of the Information Governance (IG) and Data Loss Prevention (DLP) types. With these we can usually identify all of the business data, and personal data is a subset of business data. Data identification itself usually consists of two steps: first we describe the data, then we search for it. A data description is a combination of patterns, algorithms and other tools that tell the system what data we are looking for, and during the search we try to detect data matching this description wherever in our systems it is stored.
Data identification, step one: data description. We define the criteria that determine what counts as personal data. These can be classical, for example lists of business terms or personal names. Or they can be algorithms and patterns that define the format of a credit card number, a health insurance number, a vehicle registration number, etc. Format patterns alone produce false positives on any run of digits of the right length, so wherever the identifier carries a check digit (payment card numbers, for example) the checksum should be part of the description. Or we can sample personal data from central repositories whose location we know. For example, a list of personal names that might appear in relation to a GDPR request can be obtained from a central database of clients or from a disk archive of business documents. The process of sampling data, either structured data in databases or unstructured data in files, is sometimes also called data fingerprinting.
Data identification, step two: data discovery. Unfortunately, in 101% (sic) of organizations personal data is not stored only in central databases or on central disk storage. If that were the case, our life would be very easy. Typically business data, and consequently personal data, is scattered throughout the systems: on different types of servers as well as on employee workstations (employees make copies for their own needs), in archive storage, on removable media like USB drives, and in other places. Therefore, in practice, we do not know where all the information pertaining to a particular person is stored. But for GDPR compliance we have to know. Data discovery is the automated investigation of all of the data storage systems, unstructured data in disk files and structured data in databases, and the creation of an inventory of this data. The inventory can be prepared on a regular basis, for example daily or weekly, or as needed, and must itself be thoroughly protected (masked, anonymized, or accessible only to authorized persons), since a map of where all personal data lives is itself a valuable target. Later, we can use it to help us with other tasks, such as, in our case, those related to GDPR.
Beyond personal data identification. Since identification is only the first of several practical phases of GDPR implementation, we will need to put its results to good use. We could produce executive or security reports, export results to other tools for real-time detection and protection of personal data, or even to tools specialized for ensuring GDPR compliance, if we have them. Two very important obligations of companies that process personal data are the obligation to respond to a request for a list of all the data stored about a specific person (the right of access), and the obligation to delete all of that person's data if they so request (the right to erasure). We can use data discovery results for both: they show what data is stored on a particular person and where it is kept across all of our systems, at least those included in the discovery. This way we can easily prepare a report on all the stored data, or use it as the input for a process of deleting the data from all storage locations. In this way data discovery is very important for ensuring GDPR compliance.
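To make the two steps above concrete, here is an added example written for this article; it is not code from the magazine or from any of the vendors' products. It implements both steps in Python: step one describes personal data with format patterns (an e-mail address and a payment card number, the latter filtered with the Luhn checksum the card format carries) and with a fingerprint list sampled from a stand-in "central database of clients"; step two walks a set of storage locations, builds the inventory, and then answers the question an access or erasure request needs answered, namely where a given person's data is kept. The client names, storage paths, file contents and the fingerprint salt are all constructed for the example.

```python
"""Personal data identification in two steps: describe, then discover.

Added example, not from the magazine.  Everything below (client names,
storage locations, file contents, salt) is constructed for illustration.
"""
import hashlib
import re

# ---- Step 1: data description ---------------------------------------------

# Format patterns.  The card pattern is deliberately broad (16 digits with
# optional space or dash separators); luhn_ok() removes random digit runs.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}


def luhn_ok(number: str) -> bool:
    """Luhn check digit validation, as used by payment card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Constructed stand-in for the "central database of clients" the article
# mentions; names are sampled from it and turned into fingerprints.
CLIENT_DB = ["Ana Novak", "Marko Horvat", "Jana Kovac"]
FINGERPRINT_SALT = b"constructed-example-salt"  # assumption: a per-deployment secret
WORD = re.compile(r"[^\W\d_]+")               # runs of letters, any script


def fingerprint(text: str) -> str:
    """Salted hash of a normalised string; the scanner carries only these."""
    normalised = " ".join(text.lower().split())
    return hashlib.sha256(FINGERPRINT_SALT + normalised.encode("utf-8")).hexdigest()


FINGERPRINTS = {fingerprint(name): name for name in CLIENT_DB}


def find_fingerprinted(text: str):
    """Slide a two-word window over the text and look each window up."""
    words = WORD.findall(text)
    hits = set()
    for first, second in zip(words, words[1:]):
        fp = fingerprint(f"{first} {second}")
        if fp in FINGERPRINTS:
            hits.add(FINGERPRINTS[fp])
    return hits


def describe_and_match(text: str):
    """Apply the whole data description to one piece of content."""
    found = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            if kind == "card_number" and not luhn_ok(value):
                continue                      # 16 digits, but not a card
            found.add((kind, value))
    for name in find_fingerprinted(text):
        found.add(("name", name))
    return found


# ---- Step 2: data discovery -----------------------------------------------

# Constructed stand-in for "all of the data storage systems": the central
# database, a file server, an employee's own copy and a USB stick.
STORAGE = {
    "db://crm/customers.csv":
        "Ana Novak,ana.novak@example.org,4111 1111 1111 1111\n",
    "smb://fileserver/contracts/2017/contract-0042.txt":
        "Contract with Marko Horvat ... invoice mail marko.h@example.org",
    "file://ws-bob/C/Users/bob/Desktop/copy of customers.xlsx":
        "Ana Novak 4111111111111111 Jana Kovac",
    "usb://E/backup/notes.txt":
        "reference number 1234567812345678 (not a card)",
}


def discover(storage):
    """Walk every location and build the inventory: location -> findings."""
    inventory = {}
    for location, content in storage.items():
        findings = describe_and_match(content)
        if findings:
            inventory[location] = findings
    return inventory


def subject_locations(inventory, name: str):
    """Where a given person's data is kept: the input an access or
    erasure request needs."""
    return sorted(loc for loc, hits in inventory.items() if ("name", name) in hits)


if __name__ == "__main__":
    inv = discover(STORAGE)
    for location in sorted(inv):
        print(location)
        for kind, value in sorted(inv[location]):
            print(f"    {kind}: {value}")
    print("Ana Novak is stored in:", subject_locations(inv, "Ana Novak"))
```

The fingerprints are salted hashes of the normalised name, so the discovery job can run on workstations and file servers without carrying the cleartext client list with it; the two-word window is a simplification, and real products use longer windows, partial matches and structured-column fingerprints. The USB note shows why the checksum belongs in the description: its 16-digit reference number matches the card pattern but fails Luhn, so it is not reported. In a real deployment the STORAGE dictionary would be replaced by connectors that read database exports, file shares and endpoint disks, and the inventory itself would be access-controlled, as the article says.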
Where will all this get us: data identification, fingerprinting, discovery, reporting, etc.? It is the start of good personal data protection, and it will lead us toward the final phases of GDPR implementation.
ACHIEVE GDPR COMPLIANCE IN 5 STEPS
1. Inform yourself on the GDPR Directive.
2. Appoint a person to be in charge of introducing the GDPR directive.
3. Identify all of the personal data within the organization.
4. Perform a deeper analysis and prepare a detailed plan of needed activities.
5. Start and gradually complete all of the planned activities to achieve GDPR compliance.
BY ALEN ŠALAMUN
BECOME A MEMBER
GDPR
Find more information on the EU GDPR directive and on the REAL security initiative for compliance in both the IT and legal regulatory fields at SI-GDPR. Become a member of the SI-GDPR club and keep up to date with all updates on the topic of data protection.
www.si-gdpr.com
Your biggest asset is also your biggest risk℠
Eliminate User-Based Risk
Monitor Third Parties
Stop Data Loss
Bridge Compliance Gaps
[PCI, GDPR, SOX, HIPAA, ISO27001/2]
observeit.com
REAL OPINION
Forward-thinking technologies such as Blockchain or Quantum Computing are changing the way we create and keep secrets; disruptive tech like Space Computing (the one that can potentially put servers in space... where it is not clear under which regulations and legislation we can operate there) is being considered by private entities. No question that, as I tweeted quite recently, 'Next is Now. Now is the Next New. New is Next. Now.'
This is not an era of changes. This is the change of an era. We are witnessing not a Digital Transformation, as some call it; this is a Re-Evolution that capitalizes on things we know (evolution) and revolutionizes the way we do them.
The needs of society in terms of Security and
Cybersecurity are covered by the use of ‘negative’ verbs
such as ‘Block’, ‘Deny’, ‘Stop’, etc. but there is another
side for all that and we should call it ‘the positive side of
security’ where verbs such as ‘Ensure’, ‘Connect’, ‘Build’,
‘Guarantee’, etc. are the ones.
I am proud to travel the world to understand how the world moves, how it changes and how disruptive technologies are being used to ensure that sensitive information is protected. And I am writing these lines as a cybersecurity professional, as a father, as a patient, as a citizen... with the expectation that Government and the private sector will do the right things... rightly.
I have been proud to be on stage in Slovenia many times. I consider myself a friend of the country, its cities and partners such as Real Security. And when I look back on my career and all the times I have enjoyed sharing messages with the audience at the RISK Conference, some lines from Robert Frost's 1916 poem 'The Road Not Taken' come to my mind. I am asking you, dear reader, to embrace them in this Digital Re-Evolution, when you adapt and adopt new technologies for this cyber-era. The poem goes like this:
'Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference'.
We are living through times of change, and in the search for success and customer attraction, disruptive technology is making inroads into businesses with the promise of better protection and deeper control and visibility. Disciplines such as Machine Learning and Artificial Intelligence are becoming the norm when it comes to providing faster detection and a more robust approach to Security, since it is now technologically possible and economically viable to talk not just about 'correlation' but 'super-correlation' and enhance detection rates.
However, we need to ask ourselves where the limit to all this is. We should start asking the right questions to the right people at the right time... or soon we will be asking them of a bot. In a time when software programs such as AlphaGo, the one made by Google's DeepMind, are capable of teaching themselves with no previous knowledge of the game... and winning, we have to start thinking about 'The Rise of the Machines' and how far that future-present is from us.
We must celebrate the forward-thinking society we have become and applaud the developments in Artificial Intelligence, but as I wrote on my Twitter feed some weeks ago, we must regulate AI... before it regulates us. Actually, do you think that machines have any rights? Do you think that your datacenter wants to be turned off? Seriously. Today, the answer is 'Of course not. They do not know'. Tomorrow, the answer might be 'They do not want to. Because they are self-aware, they know they are, they exist'. And that changes everything.
There are (massive) datacenters around the world that are self-aware and are capable of 'defending' themselves. Truth be told, they do so with rules and policies established by humans... but it is just a matter of time before they realize that what they want is to serve, to be.
I've seen 3D printers that produce their own parts and supplies when they need them... and two Facebook machines that had to be shut down since they started talking in a language humans could not understand... but they did. They created their own language and were actually exchanging messages.
While you, dear reader, might think this is too far away,
I am writing these lines to serve as a wake-up call.
Trust me, the next big thing is being crafted as you are
reading this.
IT IS NOT DIGITAL TRANSFORMATION. IT IS RADICAL RE-EVOLUTION.
Ramsés Gallego, strategist and evangelist, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt and former board director of ISACA
EVOLUTION OF PERSONAL DATA PROTECTION LEGISLATION – WHAT WILL GDPR BRING?
During the last few months a lot of attention, especially in the interdisciplinary field where law and IT intersect, was given to the upcoming changes to the personal data protection legal framework. The acronym used when addressing these changes is GDPR, which stands for General Data Protection Regulation. From 25 May 2018, all EU member states will abide by the »new rules«. However, all is not black and white as some would like us to believe; after all, GDPR does not represent a revolution, but rather an evolution of existing personal data protection legislation.
New old rules
One should be clearly aware, as most serious businesses are, that legal regulation of personal data protection is not something new. Before the upcoming GDPR, personal data protection in the EU was regulated by Directive 95/46/EC from 1995 and, in the individual EU member states, by specific national laws. In Slovenia we have the Personal Data Protection Act (PDPA-1/ZVOP-1), which will be replaced by the GDPR after 25 May 2018. Until then, every data controller and processor will still have to comply with the current rules.
Fortunately, however, these core rules will not change significantly. Data controllers will still need a legal basis (laid down in law, consent, or another applicable legal ground) for processing personal data; they will still have to know precisely which personal data they are processing and for what purpose; they will have to enable the data subject's rights (e.g. the right to information and the rights to supplement, correct, block, erase and to object) of the individuals whose personal data is being processed; they will have to create and maintain proper contracts with data processors; and they will certainly have to provide adequate security for personal data. Moreover, in case of discovered violations, data controllers and data processors will be subject to penalties, although with the enforcement of the GDPR these will potentially be much higher.
It is therefore important to emphasize that all those data controllers and data processors who are compliant with the current legislation (PDPA-1/ZVOP-1) will find the implementation of GDPR requirements relatively straightforward. However, others, who until now did not put much thought and effort into the issues of personal data processing, will experience the upcoming changes as a significant challenge.
What will really be new?
As emphasised before, GDPR does not represent a revolution in the field of personal data protection, but is understood more as a necessary evolution (or, to use different words, an upgrade) of the existing legal framework. In its ideal expression, such evolution should enable more harmonized protection of personal data across EU member states, a more efficient flow of personal data between different data controllers and processors, and enhanced organisational and technical protection of processed personal data. GDPR represents a legislative response to the new opportunities and new threats arising from the rapid technological and business changes that shape the fate of modern »digital« society.
GDPR clearly shows that the field of personal data protection is distinctively hybrid: it presents itself as a contact point where legal and IT expertise meet and interconnect. Tackling the issues related to personal data will therefore increasingly demand the cooperation of both legal and IT experts.
GDPR also introduces some very specific novelties, which can be regarded both as a challenge and as an opportunity. One such novelty is the requirement to conduct a data protection impact assessment (DPIA) before starting processing that is likely to result in a high risk for individuals, for example when developing new information systems and solutions that involve systematic and extensive processing of personal data or large-scale processing of sensitive (special category) personal data.
The main goal of such an approach is to encourage (or, if necessary, force) data controllers and processors to adopt a proactive stance when developing new, or extending old, IT systems for personal data processing. The purpose of a DPIA is twofold. On the one hand it strives to achieve the goal of a specific personal data processing with as little processing as possible (data minimisation); on the other hand it aims at increasing the level of security and mitigating the potential risks for the individuals whose data is being processed.
Another important novelty is the requirement for data controllers to notify the supervisory authority (the Information Commissioner in the case of Slovenia) of personal data breaches, without undue delay and where feasible within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals. In more serious cases, where the breach is likely to result in a high risk, data controllers will also have to notify the affected individuals whose personal data was compromised.
MOJCA PRELESNIK, UNIV. DIPL. PRAV., REPUBLIC OF SLOVENIA INFORMATION COMMISSIONER
REAL OPINION
The envisioned system of notifications will undoubtedly present a serious public relations challenge, as more security incidents will now be publicly known and, as a consequence, the data controller's credibility and reputation will be at stake. This requirement should lead to personal data protection being taken more seriously by companies and, because of this, (hopefully) more effort will be invested into information security.
The third novelty is the requirement to appoint data protection officers (DPOs). GDPR defines rather broad criteria for which organisations need to appoint a DPO and who can be appointed as a DPO. Such experts will have to combine legal and IT knowledge, either individually or as part of a larger team led by the DPO.
The novelties (and this is not a complete list) should not be seen (only) as an additional organizational burden, but also as preventive protection mechanisms and as opportunities which should enable the differentiation of companies that understand the value of adequate personal data protection from their less privacy-friendly competition.
What to do about GDPR this moment?
It is now the right time for organizations to do a state-of-play snapshot and a gap analysis: to review and check which personal data they process, on what legal basis and for what purpose; whether data processors are properly regulated by personal data processing contracts; whether personal data is exported to third countries and whether there is an appropriate legal basis for such export; whether personal data is sufficiently protected from unauthorised processing and other risks; and whether individuals' rights regarding personal data processing are respected and duly supported throughout the organisation. Having reviewed the existing procedures and policies, the organisation should do a gap analysis to ascertain which measures are needed to be GDPR compliant (e.g. are we required to acquire new consents from individuals, do we need to appoint a DPO and carry out DPIAs). Larger organisations, such as companies operating cross-border, may find this a challenging task.
Meanwhile, the Information Commissioner will continue to provide the public with up-to-date information on changes regarding GDPR and also on measures one should take into consideration when establishing proper compliance. More information can be found on our website: https://www.ip-rs.si.
FireEye’s goal is to reduce the cost and complexity of security
operations and give organizations the best possible risk posture.
Therefore in 2017 FireEye enhanced the customer experience by
merging individual products into FireEye Helix, a unified platform for
network and endpoint security delivered on premise, in the cloud or
as a hybrid deployment.
The platform is unified in how organizations acquire, deploy and
use it on a day-to-day basis. Interaction takes place through a
single console for the entire security operation, deployment occurs
with speed and at scale, and procuring the platform is eased by a
simple operational cost model.
FireEye Helix offers organizations of all sizes proven, signature-
less, real-time prevention, detection, response and remediation
capabilities against all threats. It is the foundation upon which any
organization can simplify, integrate and automate their security
program and it is designed to be delivered everywhere at the speed
of software. FireEye expertise can always be a click away whether
organizations need quick advice on a particular alert or deep
analysis.
REAL INSIGHT
Introducing FireEye Helix
David Ivacic, Sales Director, REAL security
Designed by security experts, for
security experts, FireEye Helix
helps organizations operationalize
their security programs and
enables security teams to move
from detecting a threat to defeating
it quickly at a low total cost of
ownership. They can gain clear
insight into whether resources are
effectively allocated and whether
their security posture has improved.
FireEye Helix is based on a
revolutionary platform that brings
together the FireEye product
portfolio with event data from
non-FireEye components of an IT
and security infrastructure. From
this centralized platform, security
teams can overlay FireEye iSIGHT
Intelligence to triage buried threats
and perform rich analytics to detect
lateral movement, data exfiltration,
account abuse and user behavior
anomalies. All the while, they build
the context to automate, prioritize
and accelerate response activity.
These capabilities are delivered
through unified dashboards, guided
search and reporting modules
that enable users to quickly pivot
from detection to investigation to
response across every infrastructure
component.
Raise your visibility
FireEye Helix features FireEye’s
award winning MVX engine that
drives network and endpoint threat
detection. It intelligently collects
and combines network metadata
and alerts from across the security
infrastructure and delivers them to
a unified console. And it overlays
FireEye iSIGHT intelligence,
rules and analytics to give your
organization unparalleled situational
awareness to stay a step ahead of
attacks.
Accelerate response and
minimize the impact of a breach
You need the right information at
exactly the right time to stop threats.
Helix gives analysts validated
alerts with contextual analyses
and the ability to rapidly shift from
detection to remediation whether
on the network or an endpoint.
This helps to resolve attacks
quickly and effectively and provides
rich dashboards and reports for
compliance audits and management
briefings.
FireEye Helix accelerates and
simplifies the end-to-end threat
detection and response process
by bringing together your existing
technology investments and
incident handling processes into
automated workflows that deliver
real-time responses, reduce risk
exposure and maintain process
consistency across a security
program. Each deployment comes
with pre-built playbooks that codify
years of FireEye experience battling
the world’s most consequential
breaches. These playbooks hone
your processes to effectively detect,
investigate and respond to threats.
Enhance existing security
investments and reduce
operational costs
Many organizations have security
tools that are disconnected and
require slower manual processing
that is prone to errors. FireEye Helix
integrates and enhances existing
security tools with automated
correlation, pre-built playbooks and
FireEye iSIGHT Intelligence context
to help you prioritize the alerts that
matter the most and investigate and
respond to threats faster than ever.
BENEFITS
FEATURES
ANALYTICS
Discover hidden patterns and
anomalies in your data to further enrich
detection and provide context for the
investigative process.
COMPLIANCE
Predefined or custom dashboards
and widgets to visually aggregate,
present and explore the most important
information to a user while meeting
compliance requirements.
ROLE BASED ACCESS CONTROL
Create role based groups and assign granular permissions to access the console.
INVESTIGATIVE WORKBENCH
Full index, archive, search and malware analysis against alerts and event data from all sources across the infrastructure to support flexible pivoting and fast hunting.
CONTEXT
Automatically coalesce related data to
help drive faster decisions, including
context across intelligence, alerts, host
and user data.
DEVICE & POLICY MANAGEMENT
Manage configurations, policies and
health status across your environment.
ORCHESTRATION
Automate and accelerate the
investigative and response process via
product integrations and defined actions
for specific alerts.
ENDPOINT VISIBILITY
Protect against endpoint threats and
exploits using intelligence, behavioral
and investigative visibility.
APIs
Support open and flexible APIs for integration into 3rd party products, and seamless embedding into customer environments.
DETECTION
Multi-vector MVX-driven detection;
apply FireEye expert rules and FireEye
iSIGHT Intelligence against existing data
to identify threats that others miss.
INTELLIGENCE
Detect, enrich, explore and learn about
the latest intelligence threats from
FireEye, with breakdowns by country
and industry.
WORKFLOW MANAGEMENT
Organize, assign, collaborate and
action steps through the investigative
process through automated and
manual workflows.
Flexibly scale your operations
Organizations change and grow over time and FireEye Helix is built to evolve right alongside them. It uses the elasticity
of the cloud to quickly scale consumption and deployment and can always incorporate the latest available tools and
technologies for the best possible cyber defense. FireEye Helix works on premise and in private, public and hybrid cloud
environments.
Achieve compliance
For many organizations, reporting on compliance is often tasked to the security team because they have access and visibility into compliance-related activity and the expertise to secure critical systems. FireEye Helix contains pre-configured dashboards to provide visibility into your compliance program and a scheduled search capability to collect raw data over time. It helps your team satisfy audit requests quickly so they can focus on protecting your network.
THE ROAD TO FIREEYE HELIX
BEGINS WITH US.
www.real-sec.com/fireeye
FIGHTING GDPR REQUIREMENTS
WITH
In this article, we will introduce three core DLP use cases where Forcepoint technologies are helping organizations prepare for the General Data Protection Regulation:
•	 The need to inventory personal data
•	 The need to map, manage & control the flow of
personal data
•	 The need to respond to personal data breaches in a
timely manner
Why inventory for personal data?
Organizations will need to understand how much personal
data exists within their organization in order to quantify
their exposure to the GDPR. Invariably, an organization will
discover that they have more data than they thought and
in places they were not expecting. Additionally, knowing
where personal data resides will also prove useful during
data subject access requests; for example, where they are
looking to have their personal data rectified or erased.
Data Loss Prevention (DLP) is an excellent technical measure to help organizations inventory personal data. DLP solutions are able to detect many types of data, including personal data, in many different formats (e.g., structured and unstructured). They can also determine file ownership, access rights and the age of data files. To be effective, a DLP solution must be able to look for personal data across the whole organization: on laptop devices, local file shares, mailboxes and databases, through to network and cloud storage.
Map, manage and control the flow of personal data
Once you understand where your data is and who has
access to it, an organization will look to create policies
around the lawful processing of data. Employees need to
interact with personal data as part of their normal working
duties. Data flows across organizations in many ways:
employees move files from a network share to a laptop
drive in order to work remotely; email data to a supplier;
copy and paste data between applications; or upload data
to cloud file sync and share services.
DLP solutions understand how to recognise personal data; they can therefore be configured to perform particular actions themselves, or to work with other IT systems and instruct them to perform actions on the DLP solution’s behalf. DLP solutions must be in the flow of personal data to take this action, and are most effective when deployed on the endpoint, on the network and in the cloud.
Understanding data flows to 3rd parties is a critical
part of preparing for the GDPR. When combined with
technologies like Cloud Access Security Brokers (CASB),
web and email security gateways or encryption solutions,
DLP solutions can apply policies to allow the flow of data
in a safe and measured way. One way they do this is by
applying encryption as an employee copies files to USB.
In addition, they can educate employees on the safe
processing of personal data by using “pop-up” messages,
providing feedback and asking for justifications for
particular actions. DLP solutions can also instruct systems
to block or quarantine the transfer of personal data to high
risk locations, or move data when it’s found in the wrong
location.
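As an added illustration (not Forcepoint’s code or policy logic), the following Python sketch covers the two use cases above: inventorying personal data across locations, and choosing a channel-specific action when that data moves. The detector patterns, channel names, actions and sample files are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass, field

# Hypothetical detectors for two kinds of personal data (constructed patterns;
# a real DLP engine uses many more, plus checksum validation and proximity rules).
DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # IBAN-shaped token: country code, two check digits, 11-30 alphanumerics
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}

# Channel policy mirroring the actions the article lists: encrypt on USB copy,
# ask for a justification on external e-mail, block high-risk cloud uploads.
# Unknown channels fall through to "block" (fail closed).
CHANNEL_POLICY = {
    "usb_copy": "encrypt",
    "email_external": "justify",
    "cloud_upload_high_risk": "block",
    "network_share_internal": "allow",
}


@dataclass
class Verdict:
    action: str
    findings: dict = field(default_factory=dict)  # data type -> match count
    message: str = ""                             # "pop-up" shown to the user


def classify(text):
    """Return {detector_name: count} for every detector that fires on text."""
    hits = {}
    for name, pattern in DETECTORS.items():
        count = len(pattern.findall(text))
        if count:
            hits[name] = count
    return hits


def inventory(files):
    """Discovery use case: files is {path: content}; returns only the paths
    holding personal data, with what was found, so exposure can be quantified."""
    report = {}
    for path, content in files.items():
        hits = classify(content)
        if hits:
            report[path] = hits
    return report


def evaluate_transfer(text, channel):
    """Flow-control use case: decide what happens when text leaves via channel."""
    hits = classify(text)
    if not hits:
        return Verdict("allow", hits)
    action = CHANNEL_POLICY.get(channel, "block")
    kinds = ", ".join(sorted(hits))
    messages = {
        "encrypt": f"Personal data ({kinds}) detected: file will be encrypted on the USB device.",
        "justify": f"Personal data ({kinds}) detected: please enter a business justification.",
        "block": f"Personal data ({kinds}) detected: transfer to a high-risk location is blocked.",
        "allow": "",
    }
    return Verdict(action, hits, messages[action])


if __name__ == "__main__":
    # Constructed sample corpus standing in for laptops, shares and mailboxes.
    sample_files = {
        "laptop/finance/payroll.txt": "Transfer to DE89370400440532013000 for jane.doe@example.com",
        "share/public/readme.txt": "Quarterly all-hands slides, no customer data here.",
    }
    print(inventory(sample_files))
    print(evaluate_transfer(sample_files["laptop/finance/payroll.txt"], "usb_copy"))
```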
Using a common security framework to map key GDPR & related information security activities and the underlying technologies detailed in this overview paper.
What technical measures assist in the response
process to a data breach?
Detection: Security analytics tools like User & Entity
Behaviour Analytics (UEBA) can assist with the detection
of an incident. UEBA ingests thousands of security
incidents or events and applies analytic algorithms to
look for patterns of behaviour that are leading indicators
of data risk. This approach is compelling, compared to
the manual alternative of assigning individual operators
the task of scanning through huge volumes of alerts, an
approach which puts a huge burden on already overstretched security operations teams. Additionally, DLP
solutions such as Forcepoint DLP use pre-defined policies
to detect indicators of risk (e.g., looking for data movement
out of hours, looking for employee-encrypted files being
transmitted across networks, looking for personal data
contained in images such as screenshots).
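Two of the pre-defined indicators mentioned above, data movement out of hours and transfer of employee-encrypted files, can be approximated with simple rules. This is an added Python illustration, not Forcepoint DLP logic; the office hours, the entropy threshold and the sample events are assumptions.

```python
import math
from datetime import datetime
from random import Random

# Assumed office hours (local time, Monday to Friday); anything else is "out of hours".
WORK_START_HOUR, WORK_END_HOUR = 8, 18


def shannon_entropy(data):
    """Bits per byte of the payload; encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(payload, threshold=7.5, min_size=256):
    """High entropy is an indicator, not proof: a zip or JPEG trips it too,
    which is why the article treats it as a risk signal for an analyst."""
    return len(payload) >= min_size and shannon_entropy(payload) >= threshold


def out_of_hours(ts):
    """Weekend, or a weekday outside the assumed office hours."""
    return ts.weekday() >= 5 or not (WORK_START_HOUR <= ts.hour < WORK_END_HOUR)


def evaluate_transfers(events):
    """events: iterable of dicts with user, when (datetime), destination, payload (bytes).
    Returns (user, destination, [reasons]) for every event that trips an indicator."""
    findings = []
    for ev in events:
        reasons = []
        if out_of_hours(ev["when"]):
            reasons.append("out_of_hours")
        if looks_encrypted(ev["payload"]):
            reasons.append("encrypted_payload")
        if reasons:
            findings.append((ev["user"], ev["destination"], reasons))
    return findings


# Constructed sample data: a deterministic pseudo-random blob stands in for an
# employee-encrypted archive, repeated plain text for an ordinary document.
_rng = Random(1)
ENCRYPTED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAIN_DOC = b"Minutes of the weekly planning meeting. " * 100

SAMPLE_EVENTS = [
    {"user": "alice", "when": datetime(2018, 5, 23, 10, 0), "destination": "share://hr", "payload": PLAIN_DOC},
    {"user": "bob", "when": datetime(2018, 5, 25, 2, 15), "destination": "webmail", "payload": ENCRYPTED_BLOB},
    {"user": "carol", "when": datetime(2018, 5, 26, 11, 0), "destination": "usb", "payload": PLAIN_DOC},
]

if __name__ == "__main__":
    for finding in evaluate_transfers(SAMPLE_EVENTS):
        print(finding)
```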
Response: In assisting with the response process, DLP
solutions can provide valuable forensics around data
incidents. In addition, User Activity Monitoring (UAM)
technologies are very effective at supporting the response
process. These technologies are designed to monitor
specific observables of privileged users as they access
personal data. Some of these systems can take a series
of screenshots of an employee’s desktop during specific
events, and more importantly, as data processors access
personal data. In the event of a breach or data incident,
investigators are then able to access this deep level of
forensics to assist in the investigation. Getting to the truth
as quickly as possible is critical, not only to protect the
individual but also the organization; and of course, in order
to meet the strict timescales defined in the GDPR.
Recover: Once the investigation is completed and the intent behind the breach is clarified, remediation actions become more accurate. Whether it’s fixing a broken business process, raising awareness with processors, repairing an infected machine or updating data protection policies, technical measures can be used to further test and enforce these new outcomes.
GET YOUR COPIES BY CONTACTING US AT FORCEPOINT@REAL-SEC.COM
Forcepoint provides solutions that play an essential role in each of the discussed
GDPR related use-cases and the 5 pillars of the security framework, as seen in the
below table.
FORCEPOINT SOLUTIONS
There are more detailed documents available to help you understand:
•	 why organizations should inventory personal data; to scope initial compliance efforts and to understand
“sensitive data drift”, or as part of the day to day tasks when responding to Data Subject Access Requests,
•	 why organizations must ensure they understand data flows, and how DLP technology can assist them to
manage and control personal data flows as part of meeting GDPR requirements or
•	 which technologies can assist organizations to respond to data breaches in a timely manner.
INTERVIEW
REAL INTERVIEW
Security is certainly a moving target.
Cyberthreats and the perpetrators
behind them are constantly evolving.
Modern security practices and
technologies must continuously
evolve as well to keep pace.
Neustar’s Senior Vice President,
Senior Technologist, and Fellow
Rodney Joffe, who has also served
on the Federal Communications
Commission’s Communications,
Security, Reliability and
Interoperability Council, believes the
best approach is smarter and simpler.
Every time there are advances in
cybersecurity, it seems the bad
guys are one step ahead. In this
intricately connected world, can we
ever truly get ahead of the threat of
cyberattacks?
No; next question. Actually, the thing
you have to understand is we have
constraints built in that the bad guys
don’t have, and that’s their edge. I
believe we have the talent, we have
the technology, we have the reach, but
we also have a moral compass that in
most cases restricts us. We have to
find ways to compensate for the agility
of the bad guys. We’re never going to
get ahead of the threat. We have to
adjust the way we look at things.
Is it a question of better security
technologies, better security
practices, more investment in
security, increased awareness; or
some combination thereof?
It’s all of the above, but I’d say better
security practices are probably more
important. We can improve what we
do. We don’t need more investment
in security, but smarter investment
in security. Sometimes the most
expensive solution is not the right
solution. The more you pay, things
tend to get more complicated. And
those complications add vulnerability.
You have to be smarter in what you do.
Sometimes the simplest things make
the most difference.
What do you think is the key to
creating the most efficient security
posture?
You need to understand, “Where
is the greatest risk?” What is the
part of my business that—if it was
compromised—would cause the
most damage to the company? Think
of a chemical company: the most
important thing is a small group of
scientists who create the intellectual
property. You want to identify those
people who would cause most
damage if they left or if something
happened to them. [Protecting them]
could be as simple as not putting their
names on the company roster.
Do you think we collectively have
access to the data and intelligence
we need to maintain an effective
security posture, but have not yet
determined how to properly mine
or analyze that data?
Yes, the data is absolutely there. If
you work through it systematically,
you have a really good chance of
understanding where your risk is and
how to improve [your risk posture].
The bad guys are continuously
evolving though, so we may have that
data today, but you have to have a
process to change. How do we keep
track of that [new data], then add it to
the risk analysis?
What sort of enhanced security
technologies and practices are you
working on now?
For us, the major push is around
OneID. It’s really about understanding
every piece of your infrastructure;
that means people, places, and
things. We’re working on capabilities
and technologies to be able to
authenticate every piece—the people
to whom they connect and the things
to which they connect.
How do you see technology
evolving to better protect
organizations against
cyberattacks?
We’re going to see the next generation
of the Internet that is no longer the
public Wild West. It’s going to be a
much more localized infrastructure.
You’re going to add access for other
organizations as you need them and
trust them. You won’t have this global,
“I can do anything from anywhere.”
That model is not going to work going
forward. One other area we have
to deal with is that once we identify
the bad people, we have to have a
mechanism for punishing them or
discouraging them from continuing to
do what they do. In almost every case
there’s a financial calculation. We
have to make it more expensive to get
to you than the value of what they’re
going to steal.
ON SECURITY
SIMPLIFYING GDPR
COMPLIANCE WITH MICROFOCUS
Complying with new and multifaceted regulations can be a
challenge for your business. At MICROFOCUS, we break
down all aspects of GDPR into modules. Read through
and pick and choose the solutions you need to cover your
business, all provided with our quality and expertise as
standard.
Accelerating growth… securely
The new EU General Data Protection Regulation (GDPR)
is currently the world’s most important regulation involving
individuals’ information, because data is the currency of
successful business. GDPR sets the foundation for how
multinational organizations protect, and derive value
from, sensitive customer information. MICROFOCUS
delivers a flexible, modular, intelligent set of solutions to
help customers identify and take action on customer data
in accordance with GDPR. Armed with deep insight into
customer data, organizations can streamline and drive
cost efficiencies into the process of protecting, leveraging,
and taking action on this information. All with the peace of
mind that compliance and security are taken care of with
expert solutions.
“We should not see privacy and
data protection as holding back
economic activities. They are, in fact,
an essential competitive advantage.”
EU’S VICE PRESIDENT OF THE DIGITAL SINGLE MARKET,
ANDRUS ANSIP
REAL OPINION
PROJECT MANAGER
REAL SECURITY
DANIEL BEDNJICKI
Most of you have already heard that Hewlett Packard Enterprise Software group was acquired by MICROFOCUS and that with this transaction (acquisition) MICROFOCUS became the 7th largest software company in the world with more than 12 billion USD market cap.
MICROFOCUS, with 40 years on the market, and Hewlett Packard Enterprise Software, with 30 years on the market, are probably the best combination to provide business with all the right solutions. MICROFOCUS, with its portfolio of software solutions like Novell (already forgotten by some of us), Borland, SUSE Linux, NetIQ and many more, and Hewlett Packard Enterprise Software group with ArcSight, Fortify, Voltage, Vertica, Atalla, Data Protector, network management and monitoring (NNMi, SiteScope), Control Point, SDM, Content Manager, Storage Optimizer and again many more, can fit literally into every environment we can imagine, from large enterprises down to small and medium business.
What can we expect in the future? Definitely a strong push with the already proven Hewlett Packard Enterprise Software Security solutions, especially with the enforcement of GDPR in May 2018, and with that also combining these solutions with Microfocus solutions for mobility and collaboration, high availability and disaster recovery.
Hybrid IT will be the buzzword and MICROFOCUS is
uniquely positioned to solve customers’ needs across
all of Hybrid IT from mainframe to traditional IT to public
cloud, helping bridge the old and the new.
“We provide our customers with a best-in-class portfolio of enterprise-grade scalable software with analytics built in. We put customers at the center of our innovation and build high quality products that our customers can rely on and our teams can be proud of.”
MICROFOCUS
MISSION
•	Personal Data Assessment
•	Build a common operating model to deal with a privacy or cyber breach
•	Create and test a robust cyber resilience plan
•	Protect Personally Identifiable Information
•	Protect data in use, in transit and at rest to ensure that when a breach occurs the information remains confidential
•	Enable the Right to be Forgotten
•	Take control of data throughout its lifecycle
•	Notify breaches within 72 hours
•	Identify and contain breaches and enable a comprehensive response to threats
•	Harden applications to identify and address vulnerabilities
Ensuring ‘privacy by design’
Rethink the way PII is handled
Regulatory and legislative needs are diverse and
complex, and an interpretive challenge for any
company, let alone an individual. Operate across
borders and that complexity increases exponentially.
Throw into the mix tighter mandates and fines based
on global turnover and the need to prove compliance
becomes critical.
Here at HPE, our Enterprise Services Security
consultants collaborate to strategically align your
policy, technologies, people and processes.
They bring knowledge honed in the most complex
regulatory environments, embodied in a unique
Cyber Reference Architecture.
Our Managed Security Services (MSS) and data
protection solutions lessen the burden, meaning
your business is ready to comply and thrive in the
digital era. With MSS, security becomes a business
enabler.
Partner for the Adriatic Region
What is a Hardware Security Module?
A Hardware Security Module (HSM) is a physical computing device that generates, stores and manages cryptographic keys safely. HSMs provide crypto processing and are the basis for encryption & decryption, strong authentication and signing operations. Cryptographic applications are essential for securing data transactions.
Know Where Your Keys Are
At the heart of hardware-based security solutions is the ability to create, store and safekeep cryptographic keys. Securing critical infrastructures and digital assets are the two most popular applications at the core of our Hardware Security Modules. Compared to software solutions, Hardware Security Modules offer unprecedented security, even in the most hostile environments. The physical layer of HSM defence undergoes a very rigid certification process according to internationally drafted attack scenarios, to prove that the HSM secures effectively against all of those industry methods.
Utimaco HSMs ensure the security of cryptographic key material for servers and applications. They include integration software that supports the industry standard PKCS#11, Microsoft CSP/CNG/SQLEKM and JCE interfaces. They can therefore be used for numerous applications, including public key infrastructures (PKIs) and database encryption.
Utimaco HSMs offer:
•	 Highly optimized, state-of-the-art cryptography
•	 True random number generation
•	 Tamper protection
•	 Countermeasures to all known side channel attacks
•	 Self-destruction in the case of an attack
•	 A secure operating system environment
•	 Customization, scalability and flexibility
•	 Authenticated administrative access
Free Utimaco HSM Simulator for Evaluation and Integration Testing
You can easily test the Utimaco HSM for yourself. The fully functional HSM simulator is publicly available for a more hands-on experience. The quality of Utimaco products will speak for itself. The simulator package comes with 100% functional runtime, including all administration and configuration tools. Utimaco also includes a comprehensive library of integration and how-to guides.
Utimaco HSM – The Root of Trust
SOLUTION FEATURES
Solution presentation	Cybonet
Dani	 GDPR COMPLIANCE
AND CYBONET’S CYBOWALL
What are the security challenges
you see with global organizations?
Time and time again, I find that
organizations are still falling down
with the basics and skipping to the
latest “next generation” technologies,
without taking the time to secure the
endpoint.
I speak to many IT professionals
who simply don’t understand the
day-to-day work behaviors of their
staff. When asked to “secure the
endpoint” by their management, there
are many misconceptions about the
effectiveness which naturally arise.
Reactive technologies based on
detection are perceived to be easier
to roll out, but cannot be relied on in
isolation. 55% of IT professionals
don’t have visibility over their
endpoints* and therefore try to avoid
implementing technology that touches
the end user.
There have been many security
breaches and attacks this year such
as WannaCry and NotPetya which
could have been prevented by having
basic security measures in place.
What are the best practices to
achieve secure and compliant
endpoints?
We advocate following the advice of
GCHQ, NSA, the Council on Cyber
Security, Government of Canada,
Australian Department of Defense
and others when it comes to the
most effective security measures.
These organizations all cite that the
most effective security controls are
application whitelisting, application
patching, operating system patching
and removal of local admin rights. In
fact, the Australian Skills Directorate
tested and analysed real attacks and
found that the combination of those
four strategies mitigates 85% of cyber-
attacks.
The 2016 Microsoft Vulnerabilities
Report found that removing admin
rights alone would mitigate 94%
of Critical vulnerabilities reported
by Microsoft. Avecto specializes in
privilege management and application
control, which enable organizations
to achieve compliance with mandates
such as NIST, DFARS, PCI DSS,
ISO27001, GDPR and more. Plus,
ensuring that all employees have just
the right level of access to perform
their job functions creates a highly
secure environment without hindering
user productivity.
What are the common business
drivers for privilege management
and app control?
In many scenarios, IT and security
leaders are looking to achieve
compliance: many compliance
mandates recommend the removal
of excess privileges and application
whitelisting as best practice
strategies.
Secondly, they’re looking to prevent
attacks: removing admin rights
mitigates external attacks that
leverage elevated privileges, like
malware and ransomware. Admin
rights removal helps to curb insider
threats as well, whether accidental or
deliberate.
Finally, organizations are always
striving to operate efficiently:
managing an environment full of
standard users is burdensome on end
users and IT staff. However, granular
rights elevation at the application level
gives end users the safety of standard
accounts with the flexibility of admin
accounts, while greatly reducing calls
to the help desk.
Andrew has been a fundamental part of the Avecto story since its
inception in 2008. As one of the company’s first employees, he
established its pre- and post-sales services, as well as its support
and IT teams. Andrew built and developed these functions from
the ground up, using his experiences of global implementations
across millions of endpoints to transform them into world class
offerings. Now responsible for Avecto’s end-to-end customer
journey, Andrew’s role as COO sees him combine his technical
and commercial skills to lead the global consultancy division of
pre-sales, post-sales and training, as well as customer success,
support and IT. Andrew is an avid public speaker and regularly
provides security advice to some of the world’s biggest brands. In
2016, he published his first book, The Endpoint Security Paradox, focused on the challenges of balancing security and usability.
ANDREW AVANESSIAN,
COO AVECTO
Why are organizations failing to get
these basic security principles in
place?
I know from my experience of
deploying privilege management
in global organizations that people
think it’s going to be hard. Every
organization is facing an endpoint
security balancing act. On the one
hand employees, and their endpoints,
need to be secure. But on the other
hand, many employees demand a free
and flexible operating environment.
The paradox that exists between
these two polar opposites is what
organizations most struggle with, and
this is why projects get delayed or
avoided. IT and security professionals
hear removal of admin rights and
whitelisting and believe it’s going to be
too difficult.
What can be done to make the
process easier?
We know that organizations need
to find the right balance between
user freedom and security lock
down. So many times, I have seen
security become an afterthought,
rather than being an integral part of
a design from the outset. Balancing
the user experience with security
requirements is critical to ensure
that the security solution does not
impact the end user’s ability to do
their job. These balancing acts
come down to planning. Lean on the
experts and make sure that user role
requirements, workstyles, exception
handling and communication are all
covered.
We’ve also used years of experience
in rules configuration to develop a
Quick Start policy - an “out of the
box” configuration that provides the
fastest time-to-benefit. Deployment
can happen in a matter of hours
rather than months. This approach is
revolutionary because it significantly
moves your organization up the
security scale overnight.
There is also a perception that
whitelisting is difficult and arduous.
This was historically the case
when thousands of rules were
created to cater for every individual
application in the business. With
Defendpoint, privilege management
makes whitelisting simple. Most
organizations cover the majority
of use cases with just a handful of
pragmatic rules, with intelligent
exception handling to cover the rest.
It’s this simpler and smarter
approach to security on the endpoint
that will ensure project success from
one hundred to 100,000+ endpoints.
Can you tell us a bit more about
Avecto’s software?
Avecto combines best-in-class
privilege management and application
control, making admin rights removal
simple and scalable across desktops
and servers. Defendpoint is the
first stop in a best practice strategy
and offers the best time-to-value on
the market, with a frictionless user
experience and unmatched features
and functionality. We have deployed
our software across 8 million global
endpoints and have experience in
multiple implementations covering
small to large enterprises in every
industry. It’s this level of expertise that
has allowed us to revolutionize the
approach to privilege management on
the endpoint.
What further reading would you
suggest?
The Microsoft Vulnerabilities report is
critical reading for anyone who wants
to understand the business case for
admin rights removal in the enterprise.
This analysis looks at the different
types of vulnerabilities mitigated by
removing privileges. Download your
copy at avecto.com/realsecurity.
Soon it will be a decade since we got to know ArcSight solutions. Back then it was an independent entity. Later they joined forces with HP and, when HP restructured, became part of HPE, more specifically HPE’s Enterprise Software division. Recently HPE merged its Enterprise Software division with Micro Focus, one of the world’s largest pure-play enterprise software companies. So now, as we are talking about Micro Focus ArcSight, let us recap the basics about this platform and its future.
ArcSight Data Platform, introduced a couple of years ago, remains the basis of the platform. Its architecture is shown in more detail in the second picture. This means the central data input into the platform is still the fabled ArcSight SmartConnectors, ArcSight Logger remains the long term storage solution, and ArcSight ESM – in full scale and Express versions – is the correlating SIEM and flagship product, at least for now. Take a look at the following scheme of the ArcSight architecture, and then we will tell you something about the latest solutions in this platform.
ArcSight ADP
ArcSight ADP is an open and scalable solution to collect, normalize, and enrich data for compliance, regulations, security, IT operations, and log analytics. This is why ADP lays the foundation of intelligent security operations to expand the visibility of data and provide flexibility to consume data in any application. ADP is architected to provide the breadth, depth, and speed of Big Data collection that organizations demand to improve their security posture. The platform consists of log management, data connectors and a management console. It collects machine data in real time from a broad range of sources. The solution provides searching, monitoring and analyzing capabilities to detect security threats fast. It is composed of 4 components: SmartConnectors, Event Broker, ArcSight Logger, and ArcSight Management Console, also known as ArcMC. Event Broker is the latest addition.
ArcSight Event Broker
ADP is powered by a Kafka-based Event Broker. This capitalizes on investment by utilizing captured data over multiple use cases. The Kafka based Event Broker provides a distributed publish-subscribe messaging system that is fast, scalable and durable, with a message bus for the scalable distribution of data between multiple destinations. While Kafka handles hundreds of megabytes per second and thousands of clients - basically distributing data at scale within a clustered and HA environment - the EB distributes data between multiple destinations.
Event Broker is not a mandatory part of an ArcSight ADP deployment, neither is ArcMC. Rather it is meant for larger environments with a need for optimized distribution of a large number of events to multiple consumers. In our case Event Broker receives events from a larger number of SmartConnectors and then distributes them to a larger number of destinations such as multiple Loggers, ESMs, analytical tools, databases and other destinations.
ArcSight Product Portfolio Overview
MICRO FOCUS ARCSIGHT:
PAST, PRESENT AND FUTURE
ROBERT LUBEJ
R&D DIRECTOR
REAL SECURITY
ArcSight Marketplace
Marketplace is a Web-based portal that provides comprehensive and timely content to SOCs. It enables users to share or download security packages, trusted use cases, and best practices to help manage security faster and more easily. For instance, a while ago, when a customer deployed ESM, all content was already installed on it. This could present a problem, as an administrator could burden the solution with unneeded use cases. Nowadays content is based on Activate packages, a modular content development framework designed to quickly deploy or develop actionable use cases. The framework unifies the development methodology, allowing the creation of portable content packages. Activate packages can be downloaded from Marketplace to ESM as needed, as use cases are developed. Marketplace is also a place to search for other content, developed in house, by third parties or even by customers.
ArcSight DNS Malware Analytics
(DMA)
ArcSight DMA is part of ArcSight Analytics, a family of tools that complements the ArcSight SIEM offering with next-gen analytical capabilities. They can also work independently of ArcSight SIEM and ADP, meaning they are standalone tools that can gather data and perform analytics on events from multiple sources, be that ArcSight SmartConnectors in an ArcSight ADP environment, directly from other operating system and network event sources, or even from non-ArcSight SIEM solutions.
ArcSight analytics solutions enable
enterprises to detect advanced
cyber-attacks in real-time, giving
security teams the insights needed
to investigate and remediate threats
quickly. Working symbiotically with
SIEM technology, our solutions
analyze and correlate every event
across your IT environment, prioritize
the highest risks, and display the
resulting data in a customizable
dashboard.
DMA is a security analytics solution
which detects malware-infected
hosts and endpoints rapidly with high
fidelity. A patent-pending, unique
data analytics approach analyzes
DNS traffic to identify “bad” traffic
among hosts
and IPs in
real time
to detect
breaches
before
damage
occurs.
Designed in
partnership
with HP
Labs, DMA
equips users with an automated
system for host breach detection,
allowing enterprises to address the
unknown threats quickly, especially
those that are the biggest source
of risk to enterprise applications,
systems, and data. With DMA, users
can detect threats without overloading
SIEM systems with an overwhelming
number of DNS logs. DMA identifies
infected devices with high fidelity,
positively discovering threats on
systems, desktop, and mobile devices
so they can rapidly be contained. This
helps to find the “bad guys” faster by
calling out the malware and reducing
the impact of breaches by identifying
these threats before they gain a
foothold inside your network. With
look-back capability, sources and
spread of malware infections can be
identified to reveal threat intent.
ArcSight User Behavior Analytics (UBA)
UBA is a user and entity behavior based anomaly detection tool. UBA detects unknown threats by creating baselines of normal user behavior and appropriate associations, so user and peer anomalies can be identified in real time. Because anomalous behavior can be a clear indicator of a threat, the security analyst can quickly determine whether a user poses an insider threat or the account may have been compromised. UBA can help organizations identify high-risk data exfiltration, misuse of privileged and service accounts, and advanced persistent threats.
When integrated with ArcSight SIEM, UBA leverages the same security data collection infrastructure (ArcSight Data Platform), operational teams, and incident response processes already in place to enable detection of advanced user-based threats. This, in turn, drives investigation efficiency and operational savings. HP UBA connects directly to the identity and HR repositories as well as to customized, non-traditional identity information from flat files or exports, aggregating all identity information under a single user. HP UBA can also ingest event information from third-party SIEM infrastructure and custom applications. Thus it can be used in environments with or without other ArcSight products. UBA is integrated into the SOC workflow, feeding user-centric violations (both behavior based and policy based) to analysts or into ArcSight ESM for further refinement.
ArcSight Analytics
Have you ever seen top-notch computer analysts in TV shows and movies, like Bourne Identity or The Blacklist? They are wizards! They can solve analytical problems of any type and know everything about any technology, from how a microwave works, to all of the details of airplane communication systems, satellites, car hacks, cell phones, building architecture, power grids etc. Well, they don’t, but they seem to find everything they are looking for in mere minutes, just by using a keyboard, not even a mouse. They just type in a few words, perform queries with lightning speed, and data starts to show: tables full of statistical information, charts and plans are drawn. Well – with ArcSight Investigate you can become a wizard like that; this is that kind of tool!
ARCSIGHT MARKETPLACE
• A centralized location for finding trusted security packages
• Enhances ArcSight capabilities through new use cases
• Is a dedicated learning center to understand best practices
• Has the latest updates from ArcSight products, support, & services
• Enables users to become security champions and understand ArcSight deeper
ArcSight Investigate is a next generation hunt and investigation solution built on a new advanced analytics platform to serve the evolving needs of security teams. It helps hunt and defeat unknown threats by processing large volumes of data almost instantly. Security analysts are empowered with an intuitive solution to investigate higher-priority threats quickly and accurately. With the ability to leverage data lakes, ArcSight Investigate provides insights from Big Data to drive real value. Investigate takes advantage of HPE Vertica, a high performance analytics platform, bringing unprecedented analytical power to the investigative process. HPE Vertica’s columnar database responds to queries much faster than traditional row-oriented databases and handles analytics at exabyte scale. By embedding this new technology, ArcSight Investigate can execute searches up to 10X faster than other investigation tools, returning results in seconds even for months or years of data. The ability to ask questions at scale unlocks the opportunity for security analysts to explore data without limiting the time span or result size of their searches.
• Execute searches 10x faster using the power of Vertica
• Multi-threaded architecture can process multiple searches instantly
• Provide powerful advanced analytics to uncover hidden insights
• Create queries without having to learn a specific query language and schema
• Filter, select, sort, compare, aggregate data in a familiar interface
• Create data visualizations and a customized dashboard with a few clicks
• Search and access a full range of data across Hadoop and ArcSight Investigate
• Take advantage of insights from Big Data to drive real value
• Access to all your data all the time with efficient storage options
ArcSight Data Platform
Secure Mobile Workplace as a Competitive Advantage!?
Workplaces have already gone digital and mobile!
Work has changed. Life has changed. Security has changed. Global digital transformation is driving fundamental change in almost every industry. We are moving from centralized to decentralized structures and to mobile workplaces, with employees anywhere using their smartphones, tablets and laptops or PCs for improved customer service, sales, data access or transactions. Storage capacities of mobile devices have multiplied over the last years. Today, users may store more data on their mobile phones than a data center held around the millennium. While everyone agrees on securing a data center, mobile workplace security still appears to be in an infant state.
New workplaces require new security concepts
Substantially changed IT structures, user behavior, mobility and client system possibilities require improved mobile authentication and secure communication capabilities. Since 1960 and before, username & password have been the primary authentication option. Almost everything within IT has changed, yet authentication often still follows ancient (insecure) rules. Recent concepts of biometric authentication (fingerprint, eyes, face) do improve authentication for mass-market, consumer-level security requirements, but each uses its own different, fast-evolving proprietary technology and may not provide device-independent, cross-platform, certified security.
How to combine “consumer-like ease of use” with corporate-level security?
Every employee is a consumer and most consumers work for a company. The lines between consumers and companies are blurred. Employees want simple, easy-to-use tools which integrate seamlessly into their “always on, always connected” daily work ecosystems.
Making usernames and passwords longer or more complex does not work; people have dozens or hundreds of accounts, and no one can remember them all. Password managers try to solve this problem. Not a bad idea, but it only goes half the way: a password manager helps to manage an infinite number of passwords, but is itself protected only by another password. And everything, including user and decryption keys and certificates, is still stored on the device. There is no two-factor, device-independent, certified security, which is strongly recommended for corporate environments.
More flexibility through device-independent and certified “off-device” key storage
Mobile-device-independent, (EAL 5+) certified key and certificate storage has been available for many years as a secure element on industry-standard smartcards. In most organizations today, these smartcards are only used for two-factor authentication and encryption in non-mobile environments, i.e. for laptop, desktop & server authentication, etc.
Now, new device connection technologies like Bluetooth Low Energy enable smartphones, tablets and laptops to connect wirelessly to smartcards. This is a perfect combination of ease of use and corporate-level, device-independent, certified security. After a one-time initial setup, the user just enters his numeric PIN for authentication or encryption processing. The wireless smartcard can be used with multiple devices, e.g. a smartphone, tablet and laptop.
Wireless smartcards combining ease of use with corporate-level security
Wireless smartcards are available now through wireless smartcard readers, e.g. “AirID” (credit-card-sized cards) or “ONEKEY ID” (micro SIM), and they support all relevant operating system platforms, like iOS/Apple, Android, Windows, MacOS and Linux.
REAL ANALYSIS
While Windows has built-in smartcard support, other operating systems require either third-party software or some integration work. This applies typically to any secure authentication and/or encryption solution.
Wireless smartcards securing Bring Your Own Device (BYOD) for most organizations
As smartphone technology develops faster and faster, employees are desperately asking to get the new versions instantly, like iPhone X, iPhone 8, Samsung Note 8 and other top-level devices. To escape the accelerating costs for new mobile devices and to satisfy employees’ requests, many organizations consider allowing employees to bring in their own devices for corporate use. While reducing the problems of increased costs and device administration, BYOD means that corporate data and confidential user credentials and keys are stored on a user-owned device, which is not the property of the organization.
Off-device key storage on wireless smartcards kills several birds with one stone.
First, storing user credentials and keys on a company-owned wireless smartcard ensures that confidential user credentials and keys are only ever stored on a company-owned device. Second, wireless smartcards enable easy-to-use two-factor authentication for mobile devices of any kind and platform. Third, wireless smartcards make a corporation independent of the fast-evolving proprietary security design of each operating system platform.
Mobile security concepts should include the most typical communication – mail, chat, voice!
Mobile security is not only two-factor authentication, a mobile device or application management system (MDM/MAM) and maybe a VPN client. Mobile security needs more.
Most confidential data and information is sent, received and stored on the device by mail, chat and voice communication. Therefore, a holistic mobile workplace security concept should include secure mail, chat and voice communication. Some MDM vendors provide a mail client as part of their offering; unfortunately most of them do not support smartcards as “off-device key storage”. Secure voice and chat applications are typically never included in MDM solutions.
Flexible options, independent of MDMs, are third-party apps, e.g. “ONEKEY MAIL” for secure, encrypted (S/MIME & PGP) mail storage and “cgPhone” for end-to-end encrypted voice and chat communication. Both support wireless smartcards, enabling a fully protected, encrypted and secure mobile client workplace.
Secure mobile workplaces becoming a major competitive advantage
Many companies are struggling to attract new, high-potential employees. Attracting highly skilled staff has become a major success factor in an increasingly digitized world. Employees require more flexibility, increased mobility, better tools, and to be “always on” and “always accessible” – if required. The new options, mobile-connected wireless smartcards in combination with independent mobile secure mail, chat and voice apps, transform today’s mobile security challenge into a winning combination of consumer-level ease of use with corporate-level, device-independent and certified security.
Written by Jan C. Wendenburg, CEO of Certgate GmbH
Solution presentation, Micro Focus: “ADM solutions: Privredna Banka Zagreb implements new mobile application strategy”
Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average, a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking “hackers only use DDoS on the big boys” or “I’m not big enough for them to care.” But these disruptive attacks are getting worse, and they’re moving downstream. Today, they affect everyone from the largest organizations to smaller companies that are being hit either directly, or as a by-product of one of their service providers being attacked.
In a sampling of customers, Neustar found in a recent study that 78% of organizations that generate $50 million to $99 million per year had experienced a DDoS attack at least once in the last 12 months, and of those organizations attacked, 86% were hit more than once. Small and midsize companies are tempting targets because they are often less well armed with heavy tech investments, services, and staff.
Companies also often overestimate the “protection” offered by ISPs and cloud service providers, such as Amazon Web Services. These organizations can only provide so much protection. Their priorities are protecting their backbone and availability services for all customers, not protecting any specific entity. When DDoS attacks become too large and create collateral impact, all traffic to that targeted host starts getting blocked or “blackholed.” This effectively takes those businesses offline. To add insult to injury, often if you rely on an ISP or cloud service provider, it will not only bring down your site but also charge you for the traffic overages that happened during a DDoS attack.
Additionally, attackers perform reconnaissance on targeted infrastructures, and it is easy to identify the Domain Name System (DNS) service providers for online sites. Because of financial and technical acumen factors, many growing businesses opt to provide their own DNS service. This is not difficult and requires little maintenance. The downside is that DNS is an inherently vulnerable service because it needs to be exposed in order to work. When attackers scout targets, they understand that large DNS providers are highly redundant and highly resilient. In comparison, organizations managing their own service are far more likely to be susceptible to failure and collapse with the right cyber attack. This makes self-managed DNS organizations more tempting targets, not only because their DNS is easier to attack but also because self-managed DNS often lacks the resiliency and redundancy that make it more difficult to take down, and is also likely an indicator of additional (and vulnerable) self-managed security within an organization.
SMBs Are Hot Targets for DDoS Attacks
WHY SIZE DOESN’T MATTER
NICOLAI BEZSONOFF, GENERAL MANAGER, SECURITY SOLUTIONS, NEUSTAR
Companies both large and small are targets. Never think “I’m not big enough for a hacker’s attention.”
Neustar research data on almost 200 midsize businesses (organizations that generate $50 million to $90 million per year) found the following trends in SMB DDoS attacks over the last year:
• 78% of SMBs were attacked at least once in the last 12 months, with 86% of those attacked hit more than once, and 34% of those attacked hit more than five times, indicating they had become tempting targets.
• 38% saw malware activated during DDoS attacks, demonstrating a vulnerability to phishing and coordinated assaults on SMBs by savvy attackers.
• 32% lost customer data records in concert with DDoS attacks, indicating a specific, targeted attack on a more vulnerable target. In many cases, a loss of data required a subsequent disclosure in line with industry regulations (PCI, HIPAA, and other compliance).
• 20% of those attacked also experienced ransomware along with the DDoS attack, resulting in either further ransom payments that had to be made, or additional downtime or other actions required to re-establish services and access to data.
• 52% needed more than three hours to detect and determine a DDoS was underway. Once detected, 43% needed more than three hours to respond to a DDoS attack once identified, likely because of limited investment and resources, and overestimation of protection offered by ISPs and cloud providers.
The top five questions that organizations should ask their DDoS protection providers
1. What layers of protection do you offer?
Because no single protection is failsafe, the answer to this question will help an organization understand the methods and technologies being used to protect its site.
2. How variable is the cost of prevention?
If I’m hit with a really big attack, will the mitigation costs spike to the point that I can’t afford them?
3. What is your average response time?
Even the largest cloud providers often have surprisingly slow response times. Smaller organizations in particular should ensure that they won’t be put at the bottom of a priority list in the event of attack, making their likely response times even longer.
4. What is the size of the network that’s protecting me?
This will indicate how large an attack a provider can withstand.
5. Where are your DDoS mitigation facilities located globally?
This helps organizations understand if DDoS mitigation capabilities comply with the various regulations that vary by country.
Because DDoS attacks have grown in severity and scale, small and midsize businesses should be alert to the fact that they are increasingly attractive targets. Although cloud and hosting providers can offer some level of protection, these businesses should remember that a hosting provider’s priority will always be to keep its backbone and basic services up, and individual site vulnerability will always come second. These organizations must educate themselves about the variety of DDoS protections available in the marketplace and determine which options can cost-effectively meet their needs.
As large enterprises become more sophisticated in their DDoS defenses, small and midsize organizations will continue to become an increasingly attractive target for attackers. Start asking these questions and putting in place protections now, before your brand, reputation, and bottom line take a hit from these attacks.
Chart: Shifting Defensive Strategies (percent of companies adopting multi-layered defensive strategies)
Remember the days when opening the box to a new piece of equipment led you to the ‘user guide’ before the equipment was unpacked? The user guide... that thick book with chapter upon chapter of warnings, diagrams, directions and commands.
A little later on, the CD replaced the user guide. Then came a piece of paper with a web address on it. Your user guide could be found on the company website. All these formats were improvements on the previous technology. However, they all were just a different way of providing the same cumbersome, time-consuming warnings, diagrams, directions and commands. What if there is a better, faster and more accurate path to deployment than merely reformatting the directions?
Network Critical, a new REAL security partner, has found a better way. First, a little information about the company. Network Critical is a global innovator that has an impressive string of disruptive firsts. They were the first company to develop network TAPs that can be permanently installed in networks, providing visibility to security and monitoring appliances without impacting network reliability and availability. Twenty years and 5,000 customers later, Network Critical is still impressing with TAPs and Packet Brokers that provide many new intelligent features.
TAPs were initially used as a tool for network diagnostics. When there was a problem, an engineer attached a TAP to the problematic link and connected a probe or sniffer to the TAP. This would provide simple access to network data flows for traffic analysis.
Network Critical, at the request of one of their largest customers, embarked on a program to develop a TAP that could be permanently attached to links. They solved power management and downtime risk by developing a flexible modular chassis with fail-safe technology that kept the network up even if the attached probe went down.
It is a small step from using safe and reliable TAPs for connecting monitoring equipment to using the same technology for security appliances. While permanent and consistent network monitoring is still essential for network management, network security is the prime focus of network managers. As network hackers and criminals continue to attack networks in search of confidential customer information and financial bounty, the need for many specialty appliances to protect links has never been more acute.
In a complex network with many links, it would be cost-prohibitive to connect numerous appliances for various security specialties to every link. Further, each appliance that is directly connected to a link negatively impacts the reliability of the network and its availability to authorized users.
The solution is to use a TAP connected to the link and also attach it to the appliances. The TAP then acts as a fuse between the production traffic on the link and the information flow to the appliance. The TAP connects to the live link, makes a mirror copy of link traffic and forwards that traffic to the appliance for processing, analysis and reporting. The appliance, in this instance, is not actually looking at the real traffic. It sees a copy of the live traffic. That way, if anything goes wrong with the appliance, the live network is not affected.
As the types of network attacks continue to get more and more sophisticated, Network Critical introduced Packet Brokers to manage large numbers of links and appliances, providing just the right data to each appliance at the right time. Packet Brokers provide advanced features such as port mapping, filtering, aggregation and regeneration for larger networks. Limitations regarding speeds, feeds and the numbers of connected security appliances are solved by Packet Brokers.
The other major problem solved by Packet Brokers is CAPEX. In a large cloud provider network or a global corporate network, it is cost prohibitive to deploy all the necessary specialized security and monitoring appliances on every link. Using filters can reduce the amount of bandwidth sent to each appliance. Once filtered, a single appliance is able to manage data aggregated from many links using only the information it requires to perform its function.
Port mapping is the enabler for aggregation and filtering. When many links are attached to the Packet Broker, each link is assigned to a specific port. Mapping the data on network link ports (input) over to the appliance ports (output) allows the easy movement of data between network ports and appliance ports.
Complex networks require more complicated algorithms in order to get data to an appliance. In many cases, information may be filtered out of one network port before being sent to an appliance, only to be required by another appliance down the line. This is called hierarchical filtering. The math can get quite complicated and mistakes can take down links.
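To make the hierarchical-filtering pitfall concrete, here is an added toy model, written for this article and not Network Critical software or any vendor API: a broker with per-link ingress filters and per-appliance egress filters, an audit that reports which appliance is starved or flooded, and three constructed plans run over the same constructed traffic sample.

```python
"""Toy packet-broker model: per-link ingress filters, a port map from network
(input) ports to appliance (output) ports, and per-appliance egress filters.
Constructed example; it models no real product."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Packet:
    link: str    # network (input) port the mirrored copy arrived on
    proto: str   # "tcp" or "udp"
    dport: int   # destination port
    size: int    # bytes on the wire


Filter = Callable[[Packet], bool]


def is_web(p: Packet) -> bool:
    return p.proto == "tcp" and p.dport in (80, 443)


def is_dns(p: Packet) -> bool:
    return p.proto == "udp" and p.dport == 53


def everything(p: Packet) -> bool:
    return True


@dataclass(frozen=True)
class Appliance:
    name: str
    port: str        # broker output port it is cabled to
    needs: Filter    # traffic it must see to do its job
    capacity: int    # bytes it can absorb in this sample window


@dataclass
class Broker:
    port_map: Dict[str, List[str]]                            # input port -> output ports
    ingress: Dict[str, Filter] = field(default_factory=dict)  # stage 1: per link
    egress: Dict[str, Filter] = field(default_factory=dict)   # stage 2: per appliance

    def passes(self, p: Packet, out: str) -> bool:
        """True if a copy of p reaches output port `out` through both filter stages."""
        if out not in self.port_map.get(p.link, []):
            return False
        if not self.ingress.get(p.link, everything)(p):
            return False          # discarded at the link port, for every downstream port
        return self.egress.get(out, everything)(p)


def audit(broker: Broker, appliances: List[Appliance], traffic: List[Packet]) -> Dict[str, dict]:
    """Per appliance: needed packets it never received (starved by an upstream
    filter), bytes delivered, and whether that volume exceeds its capacity."""
    report = {}
    for a in appliances:
        mapped = [p for p in traffic if a.port in broker.port_map.get(p.link, [])]
        delivered = [p for p in mapped if broker.passes(p, a.port)]
        missed = sum(1 for p in mapped if a.needs(p) and not broker.passes(p, a.port))
        volume = sum(p.size for p in delivered)
        report[a.name] = {"missed": missed, "volume": volume,
                          "overloaded": volume > a.capacity}
    return report


# Constructed sample window: two tapped links, an IDS that needs web traffic
# and a DNS monitor that needs DNS from both links.
TRAFFIC = ([Packet("net1", "tcp", 443, 1400)] * 6    # HTTPS
           + [Packet("net1", "udp", 53, 90)] * 3      # DNS lookups
           + [Packet("net1", "tcp", 445, 1200)] * 4   # SMB file traffic
           + [Packet("net2", "udp", 53, 90)] * 2)     # DNS on the second link
APPLIANCES = [Appliance("ids", "app1", is_web, capacity=10_000),
              Appliance("dns-monitor", "app2", is_dns, capacity=2_000)]
PORT_MAP = {"net1": ["app1", "app2"], "net2": ["app2"]}

# No filtering: every mapped packet reaches every appliance; the IDS port is flooded.
UNFILTERED = Broker(PORT_MAP)
# Hierarchical-filtering mistake: trimming net1 to web traffic at the link port
# to spare the IDS also removes the DNS packets the monitor downstream needs.
WRONG = Broker(PORT_MAP, ingress={"net1": is_web})
# Aggregate first, then filter per appliance: each sees exactly what it needs.
RIGHT = Broker(PORT_MAP, egress={"app1": is_web, "app2": is_dns})

if __name__ == "__main__":
    for label, plan in (("unfiltered", UNFILTERED), ("ingress-only", WRONG), ("egress", RIGHT)):
        print(label, audit(plan, APPLIANCES, TRAFFIC))
```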
Network Critical has solved this problem by developing Drag ’n Vu™ - the fastest, simplest, most accurate deployment and management tool available. Integrated into its SmartNA TAPs and SmartNA-X™ Packet Brokers, Drag ’n Vu™ does the math for you and takes the guesswork, time and complexity out of deployment.
Intuitive Simplicity from Network Critical
Bart Pellegrom, EMEA Sales Director
Getting back to the original theme, Network Critical TAPs and Packet Brokers do not have user guides, CDs or web sites that must be digested prior to plugging in the power. All the information you need to know is at your fingertips as you go through product set up. Just drag and click as you go along. If you have questions, there is a “?” button at every step of the way to alert you to issues or offer suggestions. For those of us who hate user guides, in any format, Drag ’n Vu™ is a revolution. It is the network manager’s version of a self-driving car. Drag ’n Vu™ has taken initial deployment, including port mapping and filtering input, down from hours to minutes. A simple port configuration can be accomplished in less than a minute.
We all know that the only constant in networks is change. When you can take deployment, configuration, reconfiguration and other changes from hours to minutes, the costs of operations are dramatically reduced. So the product not only helps reduce CAPEX with intelligent features, the Drag ’n Vu™ innovation reduces OPEX as well. Scalability is also an important part of managing change. The SmartNA-X™ fully modular chassis system makes changing configuration and adding links as simple as sliding a new module into a chassis slot. SmartNA-X can also combine TAP and Packet Broker functions in the same chassis. This makes it easy to start with only what you need at present, and add modules for growth later. We call this future-proofing.
Packet Brokers are also proving helpful as new regulations such as GDPR are introduced, protecting the rights of data subjects. Privacy rights of data subjects are coming to the forefront of regulatory activity. During the last few years, a number of very large, very public breaches have been reported affecting millions of citizens.
Effective May 25, 2018, all companies in the European Union that control or process data will be required to comply with certain regulations. They include a cyber security plan and specific rights of the data subjects whose information the company controls. Network Critical has a compliance solution for that - a solution for helping protect the network from intrusion and data loss.
Many people think of network visibility as an afterthought once their data security appliances are evaluated and chosen. The better plan is to look at TAPs and Packet Brokers as an integral part of the cyber security platform. It is well-known that in order for network engineers to manage networks, they need visibility to the network traffic. How do companies protect confidential data when network managers are using probes and sniffers that can see everything passing through?
The answer is the PacketPro™ module. This allows network managers to “slice” packets so only the header and footer information is visible and the payload is eliminated. This also speeds up processing. However, what can be done when the traffic analysis requires visibility to the entire packet? PacketPro™ has the capability to anonymize the payload, protecting private information while providing accurate traffic data for analysis.
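The two controls just described, header-only slicing and payload anonymization, as an added example that is not PacketPro™ code: it parses a constructed Ethernet II/IPv4/TCP frame, keeps only the headers, or replaces the payload with a keyed hash stretched to the original length (my choice of pseudonym, not a description of the vendor’s method); the frame, addresses and key are all constructed.

```python
"""Header-only slicing and payload pseudonymization of a captured frame.
Constructed example, not PacketPro code. Handles Ethernet II + IPv4 + TCP/UDP
only; anything else raises ValueError rather than guessing where headers end."""
import hashlib
import hmac
import struct

ETH_HDR = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def header_length(frame: bytes) -> int:
    """Bytes from the start of the frame that are Ethernet + IPv4 + L4 headers."""
    if len(frame) < ETH_HDR + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 is handled")
    ihl = (frame[ETH_HDR] & 0x0F) * 4          # IPv4 header length incl. options
    if ihl < 20:
        raise ValueError("bad IPv4 IHL")
    l4 = ETH_HDR + ihl
    proto = frame[ETH_HDR + 9]
    if proto == PROTO_TCP:
        if len(frame) < l4 + 20:
            raise ValueError("truncated TCP header")
        doff = (frame[l4 + 12] >> 4) * 4       # TCP header length incl. options
        if doff < 20:
            raise ValueError("bad TCP data offset")
        return l4 + doff
    if proto == PROTO_UDP:
        return l4 + 8
    raise ValueError(f"unsupported IP protocol {proto}")


def slice_headers(frame: bytes) -> bytes:
    """Keep only the headers. As with a short pcap snaplen, the IPv4 total-length
    field still reports the original size, so volume statistics survive."""
    return frame[:header_length(frame)]


def pseudonymize_payload(frame: bytes, key: bytes) -> bytes:
    """Replace the payload with a keyed, length-preserving pseudonym.
    Equal payloads map to equal pseudonyms (repeats still correlate), but
    without the key the original bytes cannot be recovered from the output.
    L4 checksums are left untouched and will no longer verify."""
    n = header_length(frame)
    payload = frame[n:]
    out = bytearray()
    counter = 0
    while len(out) < len(payload):   # HMAC in counter mode, stretched to payload length
        out += hmac.new(key, payload + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return frame[:n] + bytes(out[:len(payload)])


def build_sample_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame 10.0.0.1 -> 10.0.0.2:80; checksums left zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20 + len(payload), 0x1234, 0x4000,
                     64, PROTO_TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed capture: a request whose path carries a record identifier.
SAMPLE = build_sample_frame(b"GET /patient/4711 HTTP/1.1\r\nHost: intranet.example\r\n\r\n")
KEY = b"constructed-key-rotate-per-capture-window"

if __name__ == "__main__":
    print(len(SAMPLE), "bytes captured;", len(slice_headers(SAMPLE)), "bytes kept after slicing")
    print("pseudonymized payload:", pseudonymize_payload(SAMPLE, KEY)[54:].hex())
```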
It pays to stay in touch with Network Critical. Their engineers are hard at work innovating and designing for tomorrow’s visibility as well as refining today’s products. Keep in touch, as we will shortly introduce our intuitive 100G solutions, which will lead the industry; as network speeds increase and network complexity grows, it is good to have products that can keep deployment simple.
No user guide needed.
REAL INTERVIEW
Who is Versasec and what products do you offer?
Versasec is the leading global identity and access management provider, offering innovative high-security, cost-effective solutions for managing digital identities.
Our solutions are state-of-the-art, affordable, easy to integrate and highly secure. Our flagship product, vSEC:CMS, makes it simple for enterprises of any size to deploy physical and virtual smart cards. It means our customers can securely authenticate, issue and manage user credentials more cost effectively than other solutions on the market. We pride ourselves on offering solutions that are easy to integrate, and backed up with first-class support, maintenance, and training.
We service our customers through partnerships with leading resellers around the world, and through our offices including our headquarters in Sweden, as well as our additional locations in New York, Redwood City, Dubai, the United Kingdom, France and Germany.
What are the latest trends in identity and access management technology?
Today’s employees need access to an abundance of data and from more and more widespread locations. With increasing numbers of big data breaches linked directly to employee credentials being hacked, stolen or otherwise exploited, organizations simply must do a better job of protecting their customers’ data. The trends around IAM today center on ensuring that happens. The industry is moving much more toward virtual smart cards, making it easier and less costly for employees to access the data they need without having to carry a physical smart card. The move to multi-factor authentication – ending the days of password-only security – also has gained tremendous momentum in the wake of many well-publicized breaches. Companies also are dealing with a more mobile workforce that relies on a variety of apps to get their jobs done – each with different security requirements. The bottom line is that despite so many variables, companies must understand who is accessing their data from where and when, authenticate those users, and ensure they are accessing only what they need to get their jobs done.
How will the new European Union General Data Protection Regulation (GDPR) affect the IAM market in Europe?
The General Data Protection Regulation (GDPR) is all about protecting data, and that’s where IAM excels. The GDPR, which will be fully in force in May 2018, is intended to strengthen and unify data protection for all individuals within the European Union (EU), and even offers provisions that address the export of personal data outside the EU. In essence, the GDPR aims to return control to citizens and residents over their personal data while simplifying the regulatory environment for international business with unified data regulations within the EU.
In all of this, IAM technologies are seen – and rightly so – as critical elements. Identity and access management technologies are essential in governing data more completely, in better regulating and monitoring access to data, expanding control around data, in ensuring compliance with regulations including the GDPR and beyond. IAM is crucial in mitigating risk – for companies, for customers – for everyone.
How will Versasec products help companies comply with the new GDPR regulations?
Versasec makes it far simpler to comply with the GDPR regulations because we make protecting data more thoroughly possible. The GDPR regulations task companies with authenticating users, authorizing those users with certain levels of permissions to access data, administering activities, and having audit capabilities for all of these areas. IAM solutions from Versasec provide all of those capabilities in an easy-to-deploy and easy-to-manage solution. With vSEC:CMS, organizations gain strong authentication so the company knows the right people are accessing the data they need to get their jobs done and more, dramatically reducing the risks associated with data loss. vSEC:CMS makes it simple to review details that help companies know and assign permissions, and even end permissions and access as soon as an employee’s job ends.
What advice can you give small- and medium-sized businesses to better secure their organizations?
The best advice I have is also the simplest: protect your data with multi-factor authentication. Just recently, Juniper Research in the UK estimated criminal data breaches will cost businesses more than $8 trillion over the next five years. That’s frightening to businesses and consumers alike. But simply knowing who is accessing the data and when will go a long way to reducing this risk. The Juniper report, called “The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017-2022,” predicts that personal records stolen by cybercriminals will reach 2.8 billion in 2017 and almost double to 5 billion in 2020, despite new security technologies to thwart cyberattacks entering the market. So, it behooves companies to do everything they can to mitigate those risks. By employing multi-factor authentication methods, your data is going to be far more secure.
WHO IS VERSASEC?
Interview with Jon Snow, Versasec CEO
UNDERSTANDING POST-BREACH THREAT DETECTION IN THE DIGITAL ERA
The Verizon Data Breach report states that 83 percent of security breaches take organizations months or even longer to discover. Data breaches are not a one-off process but rather an ongoing one. Therefore, an ideal threat detection solution delivers integrated, multi-surfaced detection across the organization’s entire network, endpoints and devices, focusing on the entire attack cycle and continuously cross-referencing events at every phase. Security vendors need to develop defense technologies both at the network perimeter and inside the network for post-breach threat detection and protection.
REAL INSIGHT
Cyber security is quickly becoming the biggest concern for enterprises in Europe, causing enormous financial and political damage to corporations, institutions and government agencies across the region.
While businesses are moving towards a digital economy, they are also opening a whole new attack surface for hackers. The emergence of digital technologies such as the cloud has enabled attackers to employ more sophisticated tactics, such as exploiting zero-day vulnerabilities, using modified malware, and customizing threat tools to escape detection by traditional firewalls and even signature-based next-generation firewalls (NGFW) at the network perimeter.
How data breaches happen
Typically, data breaches are executed by physically accessing a computer or network, or by bypassing network security remotely; the latter is the most popular technique for targeting big organizations.
Many of the cyber-attacks that we witness today are not random, but are the result of methodical and carefully planned attack strategies. To execute such large-scale attacks, cybercriminals typically start by identifying the weakest link in the target organization’s security - its people, systems, or network. Once the attack point has been identified, the cybercriminal makes initial contact with the target by leveraging either a network or a social attack.
Network attacks exploit loopholes in an organization’s infrastructure, systems and applications to breach the network, leveraging tools such as viruses, Trojans, spyware and rootkits. A social attack, on the other hand, involves tricking employees into giving access to the organization’s network through tactics such as phishing, drive-by downloads, and more.
Once the cybercriminals have secured access to the company’s network, they further lower its security by infecting endpoints and devices across the network. With the lowered defense, attackers can extract the maximum amount of data from the network without getting caught. The extraction process can last from a day to weeks or months, depending on the magnitude of the attack.
Why we need threat detection
According to the 2016 Verizon Data Breach report, 83 percent of security breaches took organizations months or even longer to discover. While enterprises are bolstering their security, attackers are improving their methods just as fast. With the rapidly evolving threat landscape, it is becoming even harder for businesses to identify new attack patterns and stop them in time. Threat detection comes to the rescue in such scenarios, enabling businesses not only to identify an intrusion after it has happened but also to mitigate the damage in time.
Data breaches are not a one-off process but rather an ongoing one. With most of the data exfiltration typically happening after the first line of defense, such as the network perimeter, has been lowered, employing threat detection technology can help enterprises enhance their security to a large extent.
Effectively detecting threats
An ideal threat detection solution will provide security analysts with integrated, multi-surfaced detection across the organization’s entire network, endpoints and devices. Rather than a single attack vector, the solution needs to focus on the whole attack cycle, also known as the “cyber kill chain”, continuously cross-referencing events from every stage in the chain to give analysts a holistic view of network security.
Some of the key characteristics of a robust threat detection solution are:
• Rich Forensic Analysis: By leveraging the forensic information attached to each attack, security analysts can determine the origin of the attack, its severity, and the methodology employed to execute it. This allows analysts to modify security policies to prevent similar and future intrusions in the network.
• Abnormal Behavior Detection: Through efficient behavior modelling, analysts can identify abnormal attack patterns as well as known malicious attacks in real time, enabling them to stop advanced threats quickly.
• Threat Correlation Analytics: By leveraging threat correlation analytics, analysts can trace the entire kill chain of a cyber breach and identify the stage at which each risky host resides, revealing the extent of the damage from the attack so that mitigation measures can be taken accordingly.
ALEN SALAMUN
CTO REAL SECURITY
Figure 1: Detected C&C activities
In figure 1, there are detected threat events that point to suspected C&C activities, with detailed information. These threat events can be reported from one of the IPS/AV engines, the advanced malware detection engine or the DGA detection engine.
Figure 2: Detected lateral movement activity
In figure 2, there are detected threat events that point to suspected lateral movement activities, with detailed information. These abnormal behaviors are detected by an abnormal behaviour detection engine.
Detecting Post-Breach Threats in Action: Using the Cyber Kill Chain
The Cyber Kill Chain model provides real-time visibility and deep insights into the post-breach attack path inside the victim network. Threat intelligence information is provided by multiple detection engines and mapped against the CKC stages, together with forensic evidence data and other actionable options.
The detection engines include signature-based IPS/AV; they also include engines based on machine learning models trained on large numbers of malware samples, as well as L3-L4 behavioral modeling for host or server machines.
In today’s cyber attacks, simply compromising and breaking into a victim host and network is no longer the only goal. Instead, the attackers carefully design and carry out post-breach activities at different stages to achieve different purposes. This requires security vendors to continuously develop defense technologies both at the network perimeter and inside the victim network for post-breach threat detection and protection.
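As an added example (not the article's code and not Hillstone's product), here is the correlation step the "Threat Correlation Analytics" characteristic and the kill chain mapping above describe, in Python: events from several detection engines are mapped to Cyber Kill Chain stages per host, and hosts are ranked by how far along the chain they have progressed. The event type names, the stage mapping, the scoring heuristic and the sample events are all constructed assumptions.

```python
from collections import defaultdict

# The seven stages of the Cyber Kill Chain model the article names, in order.
KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]

# Constructed mapping from a detection-engine event type to the stage it evidences.
# Engine families follow the article's Figures 1 and 2 (IPS/AV, advanced malware,
# DGA, abnormal behaviour); the event type names are assumptions for this example.
STAGE_BY_TYPE = {
    "ips_exploit_attempt": "exploitation",
    "av_malware_found": "installation",
    "dga_domain_query": "command_and_control",
    "c2_beacon": "command_and_control",
    "lateral_movement": "actions_on_objectives",
}

# Constructed sample events, in the shape a SIEM might export. Hosts are private
# lab addresses; the "policy_violation" event has no kill chain mapping on purpose.
SAMPLE_EVENTS = [
    {"ts": "2017-09-01T08:02:10Z", "host": "10.0.1.23", "engine": "ips", "type": "ips_exploit_attempt"},
    {"ts": "2017-09-01T08:03:41Z", "host": "10.0.1.23", "engine": "av", "type": "av_malware_found"},
    {"ts": "2017-09-01T08:15:05Z", "host": "10.0.1.23", "engine": "dga", "type": "dga_domain_query"},
    {"ts": "2017-09-01T08:15:09Z", "host": "10.0.1.23", "engine": "malware", "type": "c2_beacon"},
    {"ts": "2017-09-01T09:40:00Z", "host": "10.0.1.23", "engine": "behaviour", "type": "lateral_movement"},
    {"ts": "2017-09-01T10:11:30Z", "host": "10.0.1.77", "engine": "dga", "type": "dga_domain_query"},
    {"ts": "2017-09-01T11:00:00Z", "host": "10.0.2.5", "engine": "av", "type": "av_malware_found"},
    {"ts": "2017-09-01T11:05:00Z", "host": "10.0.2.5", "engine": "dlp", "type": "policy_violation"},
]


def correlate(events):
    """Group events per host, map each to a kill chain stage and score the host.

    Returns {host: {"stages": [stages in the order first seen], "deepest": stage,
                    "engines": [engines that contributed], "score": int}}.
    Hosts whose events map to no stage at all are left out of the report.
    """
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        per_host[ev["host"]].append(ev)

    report = {}
    for host, evs in per_host.items():
        stages, engines = [], set()
        for ev in evs:
            stage = STAGE_BY_TYPE.get(ev["type"])
            if stage is None:
                continue  # engine output that evidences no kill chain stage is ignored
            engines.add(ev["engine"])
            if stage not in stages:
                stages.append(stage)
        if not stages:
            continue
        deepest = max(stages, key=KILL_CHAIN.index)
        # Constructed heuristic: depth along the chain dominates; each additional
        # independent engine agreeing on the same host adds corroboration weight.
        score = (KILL_CHAIN.index(deepest) + 1) * 10 + 5 * (len(engines) - 1)
        report[host] = {"stages": stages, "deepest": deepest,
                        "engines": sorted(engines), "score": score}
    return report


def rank_hosts(report):
    """Hosts ordered by score, the one furthest along the kill chain first."""
    return sorted(report, key=lambda h: (-report[h]["score"], h))


if __name__ == "__main__":
    rep = correlate(SAMPLE_EVENTS)
    for host in rank_hosts(rep):
        r = rep[host]
        print(f"{host}: score={r['score']} deepest={r['deepest']} "
              f"stages={'>'.join(r['stages'])} engines={','.join(r['engines'])}")
```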
For detailed information on Hillstone Networks solutions, contact Alen Salamun (alen.salamun@real-sec.com).
REAL INTERVIEW
Kindly tell us about certgate GmbH in brief. Please highlight some of the security solutions you provide to your clients.
Thank you first of all for the opportunity to present our company to Real Security’s partners and clients. certgate is one of the leading German-based security solution providers, focused on mobile security products and solutions. certgate was founded in 2004 and we have offices in Nuremberg (near Munich), Hannover and Dusseldorf. Certgate is owned by the largest private equity company in Germany and the management.
Our offering is twofold and works hand in hand. First, certgate APPs secure corporate mobile communication with regard to End2End encrypted voice, chat and email. Our solutions protect data at flexible security levels, from software-based to hardware-protected 2-factor authentication and encryption. Secondly, our wireless smart cards enable any organization to expand proven desktop security to mobile platforms. Our solutions integrate with global mobile device management solutions and will improve protection for enterprise mobile data in transit and at rest.
Briefly tell us about the CEO of the company.
Sure. I have been working in IT security for many years and have founded and operated international companies with offices in Germany, the Americas and Asia. I started my career at IBM, restructured an IT distributor, co-founded an international venture capital firm and then founded an international IT security company, which I sold to a larger Swiss public company. During the last year, I was appointed CEO to expand certgate’s operations, develop the solution portfolio and enhance our vision.
Kindly brief us about your strategies to tackle the competition. Also, tell us about the benefits of these features over your contemporaries.
certgate has been a long-term IT security innovator and our patented and unique mobile security products and solutions provide maximum security at minimum user impact. In general, software-based mobile security solutions rely on the safety of the underlying operating system. If you encrypt confidential data and store the key on a vulnerable device or operating system, all your data is at high risk. We really help our clients to eliminate this risk. Our clients store their valuable keys wirelessly on globally certified secure elements. They truly protect their mobile data, mails, chat and voice communication. This works mostly independently of the security of the operating system, i.e. Apple/iOS, Android, Windows, MacOS or Linux.
How do you work on your long-term relationship with your clients?
IT security is a matter of trust and the core foundation of all our client and partner relationships. We include our clients and partners in the product roadmap discussions to receive feedback on current products and future concepts. We believe active communication and transparent support processes help to build and increase trust with our clients and partners.
What are the values and factors that you attribute your success to? We would also like to hear a unique one-line quote that resonates with certgate GmbH and identifies with your clients.
certgate’s success is based on a restless, paranoid approach to combining maximum security with minimum user impact. We are working very intensively with our partners and clients, regardless of platform, geography or language.
If you want to put our credo into one quote, it may sound like: “We secure our clients’ mobile communication, no matter if voice, chat, email or data. Our clients are protected independently of BYOD or corporate devices - any time, any place, any device.”
What lies ahead in the security services sector and how well prepared is certgate GmbH?
Within IT security, there are a few major trends which are important to watch: Everyone and everything goes mobile. Users request simple user interfaces. Consumerization is key. IT security should have no user impact. IT attacks will increase dramatically. Artificial intelligence automation will put almost any software-based security concept at high risk.
Certgate is very well prepared to drive, follow and comply with these trends. While the first trends are short to medium term, the last one, “artificial intelligence (AI)”, will have the biggest impact. AI will be the most dangerous one, in that hackers will use AI to find vulnerabilities and completely new ways to invade infrastructures and gather user keys and credentials.
certgate’s solutions combine high security with consumerization and include the option to use proven, certified secure elements. They are perfectly protected against new weapons and attacks, which will definitely arise in the future.
“Wiretapping for anyone is only three clicks away. Each organization must now secure their mobile communication and data.”
JAN C. WENDENBURG, CEO CERTGATE GMBH
REAL INSIGHT
Introduction
Over the last few years, the number of TLS connections inside corporate networks has increased significantly. The percentage of encrypted internet traffic passed 50% last year, and it doesn’t look like this trend is going to slow down anytime soon. While it is very good to observe that encryption is getting widespread adoption, it is worth remembering that security has many faces. In corporate networks it is crucial for security teams to control traffic exchanged with the outside world. Incoming traffic may contain harmful software such as viruses or ransomware. Malware designers have already started to use TLS to hide traffic that should never be detected by security software. Moreover, as it is now possible to get trusted certificates for free, the assumption that “a padlock in the browser address field means the webpage is secure” is no longer valid. There is also a huge demand to control traffic from a local network to the internet. It may contain confidential data that should never leave a company’s internal infrastructure.
There is a large market of tools specialized in traffic analysis that help network administrators to provide the necessary safety and guidance for network traffic control. However, IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems) and DLP (Data Leak Prevention) tools may become powerless when the traffic they are monitoring is encrypted, e.g. with the TLS protocol. One way to deal with this problem would be to block all TLS traffic, but of course that is totally impractical nowadays. The only way to get inside it is to use a controlled MiTM technique, which we will describe below.
Lynx, developed by our company, is an enterprise-class product which performs security-driven TLS interception. Using FreeBSD as our base system, we were able to create a product that can greatly outperform competing products from leading vendors on the market. Over the past two years we have tested and experimented with a number of approaches to fast packet processing.
Result
The device operates in transparent bridge mode, capturing selected network traffic. SSL/TLS sessions are terminated on the device in such a manner that the client software thinks that it is communicating with the target server. The client software uses the original address of the target server.
Lynx can be configured in two ways – as inline or out-of-band. Client data arrives at the input interface, where it is decrypted by the Lynx software. Further actions depend directly on the selected configuration mode. In the out-of-band mode, when connecting to the target server, a copy of the traffic is sent to the so-called span interface, to IDS/IPS devices. Once analyzed, an RST packet may be received, terminating the established connection. In the inline mode, the decrypted traffic is subjected to direct analysis. Then, once the results of the analysis have been received, Lynx encrypts the traffic again and establishes a connection to the target server. In this mode, the analyzed packets may be modified by the analyzing devices.
Unencrypted traffic that also passes through Lynx is sent to the IDS/IPS system without any modifications. Network data flow is fully customizable and many data flow models can be defined for convenient integration with an existing IT infrastructure.
Thanks to all of the experiments and optimizations that we’ve undertaken, we’ve been able to reach 50 Gbps of encrypted traffic throughput. Furthermore, the number of interfaces allows us to feed up to 16 analyzing appliances with data flow simultaneously.
WHEEL LYNX SSL/TLS DECRYPTOR
Figure: Lynx data flow in inline mode and in out-of-band mode
“Creating the world’s fastest SSL/TLS decryption tool was a huge undertaking. It involved months of work analyzing and testing hardware, identifying an optimal system architecture and lab testing. All, so we could present our finished product, which will revolutionize the industry.”
All of the above gives us an edge over competing products and allows our customers to make full use of their anti-malware infrastructure.
Specifications
The latest model of the appliance - Wheel Lynx SSL/TLS Decryptor Infinity - stands in a class of its own. An incomparable throughput of 50 Gbps of TLS traffic classifies the solution as a high-bandwidth decryptor. As mentioned above, the types of configuration offered, together with as many as 32 network interfaces, make Lynx very flexible in terms of implementing it in various types of architecture.
We still see a lot of room for improvement that we would like to explore in the future. Currently our biggest bottleneck is memory bandwidth, but there is also a broad range of optimizations that can be done on NIC cards. The next stop for Lynx is 100 Gbps. Stay tuned!
Pawel Jakub Dawidek, CTO of Wheel Systems
NAKIVO CASE STUDY
NAKIVO Helps China Airlines Instantly Recover VMs, Save 60% of Storage Space, Cut VMware Backup Budget by 30%
Business Challenge
Established in 1959 in Taoyuan City, Taiwan, China Airlines is one of the leading airline carriers in Asia. The company is headquartered at Taiwan Taoyuan International Airport and has over 12,600 employees as of August 2016. The airline operates on 4 continents, serving 143 destinations in 29 countries/districts, and deploys 92 aircraft.
China Airlines’ IT infrastructure consists of two data centers. “We have more than 60 VMware ESXi hosts and over 900 VMs. The VMs run our core applications, including our GPS system, Flight system, OA system, Microsoft SQL, Exchange, and file servers, and other workloads,” says Stivan Chou, China Airlines’ Representative.
At China Airlines, VMware VMs run both business-critical applications that are in charge of their daily operations and processes, and the airline’s website that provides customers with up-to-date information regarding flights, bookings, and check-in options. “We have to keep our data safe because we are in the aviation industry. Data loss and downtime will significantly impact our business, so in case of an emergency, we need to recover instantly,” says Stivan.
“With our previous backup software, VM recovery was always longer than we expected. Moreover, this legacy product did not support the latest version of VMware, so when we upgraded our system to the newest version, we could not do backups. We urgently needed to find another solution that could handle our 900 VMware VMs, perform fast VM backup and recovery, and read data directly from disks, bypassing the network,” says Stivan.
This is an extract from the article entitled “Lynx. Network Traffic Analysis” by P. J. Dawidek and M. Kaniewski. The full text was published in FreeBSD Journal, Jul/Aug 2017.
Solution
“We found NAKIVO Backup & Replication online and were instantly intrigued by its rich feature set,” says Stivan. While NAKIVO Backup & Replication can be installed on Windows and Linux, deployment as a pre-configured Virtual Appliance offers additional simplicity and efficiency. “It was quite straightforward to import an OVA with the NAKIVO Backup & Replication appliance into our vSphere environment. We did not have to install and configure an operating system. The NAKIVO Backup & Replication appliance saves time and does not require constant attention,” says Stivan.
“It is imperative for us to save backup time because we have 900 VMs to deal with. Daily backups should be performed in 8 hours. After using Hot Add, which reads data directly from source VM disks, bypassing the network, we were able to reduce backup times by about 10 hours weekly,” says Stivan. NAKIVO Backup & Replication automatically uses Hot Add to offload the production LAN from data protection traffic and increase VMware backup and recovery speed.
The Flash VM Boot feature provided additional time savings for China Airlines. “VM recovery is way faster than with our previous backup solution. We use Flash VM Boot in emergency cases, and this feature has already saved us 2 hours of downtime,” says Stivan. The Flash VM Boot feature enables China Airlines to boot VMs directly from compressed and deduplicated backups, eliminating the need to recover the entire VM first. In addition to instant VM recovery, global data deduplication provided significant storage space savings for China Airlines. “Global data deduplication is another amazing feature. It reduced our storage space by about 60% and allows us to store more recovery points per VM backup. In addition, we were able to save money on direct storage costs and other costs, such as maintenance,” says Stivan. NAKIVO Backup & Replication automatically deduplicates VM backups at the block level and saves only unique data to the backup repository.
Results
With NAKIVO Backup & Replication, China Airlines performs VM backups every day. The company has reduced the backup time by 10 hours weekly with the Hot Add feature. Due to Instant VM Recovery, China Airlines achieved near-instant VM recovery and also reduced storage space by 60% with global data deduplication. “NAKIVO Backup & Replication is an outstanding product that offers great features and does not break the budget. The product saved management time by 35% and reduced our VMware backup budget by 30%,” says Stivan.
For more information visit https://goo.gl/D71vYQ.
Company Profile
Since being founded in 1959, China Airlines has been dedicated to delivering the best in-flight experience and quality to satisfy each passenger. Being one of the leading airlines in Asia, China Airlines provides routes to 4 continents, including commercial flights and freight services. Since joining SkyTeam as the 15th member on September 28th, 2011, China Airlines provides more services and promotional packages, connecting 178 countries and reaching more than 1,000 destinations. Its fleet consists of 92 Airbus and Boeing aircraft, including 71 passenger jets and 21 freighters. The airline’s subsidiaries include low-cost carriers Mandarin Airlines and Tigerair Taiwan. China Airlines is committed to the best flight quality and safety, and treasures every encounter.
For more information, visit www.china-airlines.com.
Chris Roosenraad, Director of Product Management, Neustar
REAL INTERVIEW
Introduction: Every business has an on-line presence, and a domain name server (DNS) is a critical component of that presence. Chris Roosenraad, Neustar’s Director of Product Management, offers some ideas and best practices for ensuring an optimal DNS strategy.
How does DNS operate?
DNS is a way of mapping a domain name to an IP address, in much the same way the white pages used to be how people looked up phone numbers. You need some way to map a name to a resource. For example, a user wants to connect to a website, so it needs the IP address of that site, and DNS is the process that translates names to numbers. DNS is a fundamental building block upon which the Internet is built.
What are the differences between an authoritative and a recursive DNS?
They have different roles. You need to publish your IP address, and that’s the authoritative side of DNS. And you need to look up those records to find a web site by its IP address; that’s the recursive aspect of DNS. It’s also sometimes referred to as a caching or resolving server because it caches the results for a set period of time. Then the next time someone looks it up, you can publish right from the cache and it’s much faster. There are a lot of implications as to what you put in that answer. Having sub-optimal records can result in a negative customer experience. It’s a delicate balance.
How do a primary and secondary DNS work together and why is it important to have both?
This is part of the authoritative or publishing function of DNS. If you only have a single DNS solution and it goes out or lags in performance, you’re sunk. So, when you have a primary and secondary DNS, you are splitting the load between two services, and the primary updates the secondary with your DNS configurations. Should the primary have a problem, the secondary can still answer questions. You can also have two primaries provisioned independently of each other. So, you forego the problem of primary and secondary being out of sync. That adds complexity, but again it’s a balancing act.
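The two failure modes discussed in this answer, a lone server that becomes a single point of failure and a secondary that has fallen out of sync with the primary, can be checked from the SOA serial each authoritative server publishes. The audit below is an added example, not Neustar's tooling; the zone, the server names and the `dig +short SOA` outputs are constructed.

```python
# Constructed answers to "dig +short SOA example.net. @<server>" for each of the
# zone's authoritative servers. An empty string stands for a server that timed
# out or refused. The zone and server names are hypothetical.
SAMPLE_ANSWERS = {
    "ns1.example.net.": "ns1.example.net. hostmaster.example.net. 2017090102 3600 900 1209600 300",
    "ns2.example.net.": "ns1.example.net. hostmaster.example.net. 2017090102 3600 900 1209600 300",
    "ns3.example.net.": "ns1.example.net. hostmaster.example.net. 2017083101 3600 900 1209600 300",
    "ns4.example.net.": "",
}

# A constructed healthy zone: every server answers with the same serial.
HEALTHY_ANSWERS = {
    "ns1.example.org.": "ns1.example.org. hostmaster.example.org. 2017090501 3600 900 1209600 300",
    "ns2.example.org.": "ns1.example.org. hostmaster.example.org. 2017090501 3600 900 1209600 300",
}


def parse_soa_serial(answer):
    """Return the serial from a dig +short SOA line, or None if it is not one.

    The +short form is: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM.
    """
    fields = answer.split()
    if len(fields) != 7:
        return None
    try:
        return int(fields[2])
    except ValueError:
        return None


def audit_zone(zone, answers):
    """Compare the SOA serial every authoritative server publishes for a zone.

    Flags servers that did not answer, a zone left with a single answering
    server, and servers whose serial lags behind the newest one seen.
    """
    serials, unreachable = {}, []
    for ns, raw in answers.items():
        serial = parse_soa_serial(raw)
        if serial is None:
            unreachable.append(ns)
        else:
            serials[ns] = serial

    findings = []
    newest = max(serials.values()) if serials else None
    if not serials:
        findings.append("no authoritative server answered: the zone is effectively offline")
    elif len(serials) == 1:
        findings.append("only one server answering: a single point of failure")

    # Plain integer comparison suffices for date-based serials such as
    # YYYYMMDDnn; zones whose serials wrap around need RFC 1982 arithmetic.
    # A mismatch right after a zone change is normal until the secondary
    # refreshes; a mismatch that persists is the "out of sync" problem.
    lagging = sorted(ns for ns, s in serials.items() if s < newest) if serials else []
    for ns in lagging:
        findings.append(f"{ns} serves serial {serials[ns]} but the newest is {newest}: out of sync")
    for ns in sorted(unreachable):
        findings.append(f"{ns} did not return an SOA record")

    return {"zone": zone, "serials": serials, "newest_serial": newest, "lagging": lagging,
            "unreachable": sorted(unreachable), "findings": findings, "healthy": not findings}


if __name__ == "__main__":
    for zone, answers in (("example.net.", SAMPLE_ANSWERS), ("example.org.", HEALTHY_ANSWERS)):
        result = audit_zone(zone, answers)
        print(f"{zone} healthy={result['healthy']}")
        for line in result["findings"]:
            print("  -", line)
```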
How can an organization ensure it’s getting the most out of its DNS?
Every business has some kind of on-line presence. So, every business can put a dollar value on an Internet outage. Without DNS, your online presence does not exist. And DNS is something you can outsource. Even when you do that, you still need to ensure you’re using best practices on a regular basis—good old spring cleaning. This is where engaging with a professional services partner for things like auditing DNS records can help ensure efficient DNS functions. DNS is something you’re constantly balancing, so you have to perform regular maintenance.
How should an organization best secure its DNS and reduce its risk profile?
There’s securing the DNS infrastructure and securing the data within the DNS. The whole point of a DNS is to publish data, but you need to secure the infrastructure. The software is stable, but still needs to be patched regularly. That’s also something for which there’s a strong argument for outsourcing. Securing the data requires regular audits. You have to ensure the DNS exposure you’re giving the Internet is what you want it to be, and best protect your DNS from targeted attacks like DDoS or cache poisoning. Employing the DNSSEC protocols can help, especially with ensuring origin authority and data integrity.
What do you see for the future of DNS?
DNS isn’t going anywhere. It’s an incredibly efficient protocol. It’s an example of how the building blocks of the Internet were done right. As Internet usage evolves, it’s changing how resources are mapped. With the Internet of Things, there are communications over the Internet without a human involved. There are ways you can modify DNS entries to facilitate that. There’s also full support in DNS now for non-western alphabets. A DNS is a foundational building block, but if you don’t do it right, you’re building on a foundation of sand.
Matic Knuplež, Product Manager Security and Network, REAL security
SECURITY ISN’T A BUSINESS BARRIER. IT DRIVES IT!
REAL INSIGHT
MCAFEE SOLUTIONS USED IN THE STUDY ON THE NEXT PAGE
• McAfee Advanced Correlation Engine
• McAfee Complete Endpoint Protection Enterprise
• McAfee Complete Data Protection Advanced
• McAfee DLP Endpoint
• McAfee Enterprise Log Manager
• McAfee Enterprise Security Manager
CHALLENGES THAT BERKSHIRE HEALTH SYSTEMS FACED
• Improve and accelerate detection of cyberattacks with limited staff
• Comply with HIPAA and state privacy regulations
• Block leakage of sensitive data, yet enable staff to work with data away from the office
• Compress incident response
There’s no doubt that our digital world is fundamentally shifting. Remote users, prolific growth of data and devices, cloud infrastructure and consumerization are all driving tremendous growth and advances. However, with these ultra-rapid business, social and technology shifts also comes introduced risk. Companies need scalable, intelligent, and adaptive systems for handling an ever-growing volume of events while optimizing their ongoing operational challenges.
It is imperative that today’s layered defense strategy matches the sophistication of modern threats. No individual security product can block all threat activity. The answer to this is the McAfee Security Connected framework, enabling McAfee Comprehensive threat protection to be the only fully orchestrated approach to block malware. It intelligently applies the best technologies at the right time and in the right place to thoroughly analyze and respond to suspicious files, websites, email messages, and networks.
With this, McAfee users can adopt best practices unique to their requirements and enable an integrated command and control environment for security operations teams.
We are proud to be a McAfee Value-Add Distributor and Service Delivery Specialist in the Adriatic region, and with certified resources we have proven that we have the skills to configure and deploy McAfee products to meet customers’ business needs and address today’s complex threats and attacks.
In today’s threat climate, Paul Doucette, senior cybersecurity engineer at Berkshire Health Systems, knows that total prevention of data breaches is no longer possible: “It’s more a question of when and how quickly can I detect and minimize impact to my business.” According to the Ponemon Institute’s fifth annual benchmark study on patient privacy and data security, more than 90% of healthcare organizations experienced a data breach in the past two years, and 40% experienced more than five data breaches within the same time period. With protection of patients’ personal data his top priority, those are statistics that would keep anyone up at night.
Total Breach Prevention No Longer Realistic
For Doucette, who oversees day-to-
day security operations for the grow-
ing, 5,400-employee organization
with three hospitals and multiple clin-
ics and physician offices, the key to a
sustainable, effective defense against
cyberattacks is the ability to detect
threats and respond to them as fast as
possible and to optimize his IT staff’s
resources and priorities. “Prevention
is still very important, but our biggest
challenge has become detection—
more specifically to immediately de-
tect the threats attacking us and then
to respond fast enough so that patient
data and other sensitive information
is not impacted,” says Doucette. “We
have a definite need to shift our fo-
cus from prevention and protection to
detection and correction. Transform-
ing your security defense to this new
mode is not something you do over-
night, however.”
Assessment a Key First Step to De-
tect and Correct
As a first step, Berkshire Health Sys-
tems knew it should assess its securi-
ty situation. “We needed to look more
closely at the solutions we currently
have and figure out where the technol-
ogy gaps are,” says Doucette. “In oth-
er words, we needed to know what we
didn’t know.”
The company hired DynTek Services and McAfee to perform a detailed data management security assessment prior to creating a layered, centrally managed security architecture. For the assessment, DynTek interviewed Berkshire Health Systems employees at various levels and reviewed the organization's cybersecurity initiatives in detail, including vulnerabilities in the environment scored against HIPAA requirements and staff policies and behavioral controls. DynTek
also reviewed physical controls, such
as facility access, device and media
control, encryption, password man-
agement, security incident reporting,
disaster recovery, and data backup
plans. Assessment results indicated
the need to implement a SIEM solu-
tion that integrates with and reinforces
the company’s current solutions.
McAfee SIEM and an Integrated Se-
curity Platform
McAfee Enterprise Security Manager
was the company’s logical choice for a
SIEM solution. The primary reason: its
ability to seamlessly share pertinent
information with other security solu-
tions across the McAfee integrated
security platform. This open, unified framework enables central management and information sharing across hundreds of products and services, eliminating point-solution silos and dramatically improving security posture.

Berkshire Health Systems
Largest regional healthcare provider in Western Massachusetts
Industry: Healthcare
IT Environment: 5,100 endpoints across 20 locations

Improving cyberthreat detection one step at a time
Making the Job of Security Operations Easier at Berkshire Health Systems
With total prevention of data breaches no longer a realistic goal, Berkshire Health Systems' Security Operations turned to McAfee® Enterprise Security Manager for a centrally managed, interconnected security architecture for ease of detection and response, and a sustainable solution.
Berkshire Health Systems already
had McAfee Complete Endpoint Pro-
tection—Enterprise, which includes
antivirus, host data loss prevention,
SiteAdvisor®, and other endpoint pro-
tection functionality, all controlled
by the McAfee® ePolicy Orchestra-
tor® (McAfee ePO™) management
console and part of the McAfee in-
tegrated security framework. McA-
fee Enterprise Security Manager eas-
ily integrated with these solutions and
could share data with all of the com-
pany’s endpoints. McAfee Enterprise
Security Manager collects data from
the company’s endpoints and then ap-
plies sophisticated correlation rules
to help Doucette prioritize events that
need investigation. A risk score uni-
fies vulnerability status, asset critical-
ity, and any countermeasure protec-
tion available for the threat to gauge
the severity and risk of the threat.
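The risk score described above combines threat severity, whether the asset is actually exposed, its business criticality and any countermeasure already in place. The Python below is an added example of that kind of prioritization, not McAfee's or Berkshire Health Systems' code: the weighting, the 1-10 severity and 1-5 criticality scales, the threat IDs and the sample assets are all assumptions made for illustration.

```python
"""Risk-scored event triage (added example; assumed weighting, not a vendor formula).

Each alert is scored from the sensor's severity, the target asset's business
criticality, whether the asset is actually exposed to that threat, and whether
a deployed countermeasure already blocks it. Events are then ranked for
investigation so the loudest alert is not automatically the first one worked.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int            # 1 (disposable lab VM) .. 5 (EHR database); assumed scale
    exposed_to: frozenset       # threat IDs the asset is still unpatched/vulnerable for
    countermeasures: frozenset  # threat IDs a deployed control is known to block


@dataclass(frozen=True)
class Event:
    event_id: str
    asset: str
    threat_id: str
    severity: int               # 1..10 as reported by the detecting sensor; assumed scale


def risk_score(event: Event, asset: Asset) -> float:
    """Score in 0..100. severity*criticality*2 caps at 100; exposure then scales it:
    not exposed keeps 10 % (awareness only), exposed but blocked by a control keeps
    50 %, exposed with nothing in the way keeps the full value."""
    base = event.severity * asset.criticality * 2.0
    if event.threat_id not in asset.exposed_to:
        return round(base * 0.1, 1)
    if event.threat_id in asset.countermeasures:
        return round(base * 0.5, 1)
    return round(base, 1)


def triage(events, assets, threshold=25.0):
    """Return [(event_id, score), ...] at or above threshold, highest score first."""
    ranked = [(ev.event_id, risk_score(ev, assets[ev.asset])) for ev in events]
    ranked = [(eid, s) for eid, s in ranked if s >= threshold]
    ranked.sort(key=lambda pair: (-pair[1], pair[0]))
    return ranked


# Constructed sample inventory and alerts; threat IDs are placeholders, not real CVEs.
SAMPLE_ASSETS = {
    "ehr-db":   Asset("ehr-db",   5, frozenset({"T-1001"}),           frozenset()),
    "kiosk-07": Asset("kiosk-07", 2, frozenset({"T-1001", "T-2002"}), frozenset({"T-2002"})),
    "lab-vm":   Asset("lab-vm",   1, frozenset(),                     frozenset()),
}
SAMPLE_EVENTS = [
    Event("e1", "ehr-db",   "T-1001", 8),   # critical asset, exposed, unprotected
    Event("e2", "kiosk-07", "T-2002", 9),   # exposed, but a control blocks this threat
    Event("e3", "lab-vm",   "T-1001", 10),  # loudest alert, asset not exposed at all
    Event("e4", "kiosk-07", "T-1001", 4),   # modest alert on an unpatched kiosk
]

if __name__ == "__main__":
    for eid, score in triage(SAMPLE_EVENTS, SAMPLE_ASSETS, threshold=0.0):
        print(f"{eid}: {score}")
```

With the sample data the severity-10 alert on the lab VM ends up last and the severity-8 alert on the exposed EHR database first; a triage threshold of 25 leaves only that one event in the investigation queue, which is the effect the case study attributes to the unified risk score.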
“Makes My Job a Whole Lot Easier”
“The biggest benefit of the integrated
McAfee ecosystem to me personally
is that it makes my job a whole lot eas-
ier,” says Doucette. “I can see poten-
tial threat activity, push out updates or
remediation, add devices to the net-
work, manage data and endpoint pro-
tection policies, and so on, all from
the McAfee ePO central console and
the SIEM threat intelligence and risk-
based dashboards.”
He can also determine appropriate se-
curity policies much faster. “For ex-
ample, we were having issues with
employees being constantly locked
out of their accounts—perhaps they
changed a password on their laptops
but forgot to change it on their mobile
devices and then entered the incorrect
password too many times,” explains
Doucette. “With the McAfee Enter-
prise Security Platform, we were able
to quickly and easily determine what
the right threshold for lockouts should
be in order to balance the twin needs
for security and easy access.”
Improved Enterprise Visibility and
Faster Detection
Before deploying McAfee Enterprise
Security Manager, Doucette took a
training course offered by McAfee
Professional Services that helped
him get up and running quickly—with
no surprises. McAfee Professional
Services also helped him implement
McAfee Enterprise Security Manager.
In addition to McAfee Enterprise Se-
curity Manager, the company imple-
mented McAfee Enterprise Log Man-
ager, McAfee Advanced Correlation
Engine, and physical and virtual McA-
fee Event Receivers. Doucette imple-
mented many of the out-of-the-box
policies and correlation rules, as well
as some of his own customized corre-
lation rules. “With McAfee Enterprise
Security Manager and McAfee ePO
[software], I have much greater visibil-
ity into what is happening across the
organization,” says Doucette. “Hav-
ing all events correlated quickly in one
central location is huge. I can detect
threats we had no idea were happen-
ing—for instance, that our passwords
are being attacked 24/7 every day
from other countries or the presence
of CryptoLocker activity. Such dramat-
ically improved visibility and rapid de-
tection of threats means we can re-
spond much faster.”
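Two of Doucette's observations above, the account lockouts caused by a second device retrying a stale password and the passwords being guessed around the clock from abroad, are the same log analysis seen from two sides. The Python below is an added example of that analysis, not code from McAfee or Berkshire Health Systems; the log format, the ten-minute window, the "RFC1918 means on-site" rule and the self-lockout heuristic are assumptions, and the log lines are constructed.

```python
"""Account-lockout tuning from authentication logs (added example).

Separates a user whose device keeps retrying a stale password from remote
password guessing, recommends the lockout threshold that stops the guessing
without punishing the forgetful user, and flags sources that spray many
accounts and so stay under any per-account threshold.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample of normalised logon events (not real data). Public
# addresses are documentation ranges; 10.x stands for the hospital LAN.
SAMPLE_LOG = """\
2017-11-06T08:00:01 FAIL user=jsmith src=10.20.5.41 reason=bad_password
2017-11-06T08:00:31 FAIL user=jsmith src=10.20.5.41 reason=bad_password
2017-11-06T08:01:02 FAIL user=jsmith src=10.20.5.41 reason=bad_password
2017-11-06T08:01:33 FAIL user=jsmith src=10.20.5.41 reason=bad_password
2017-11-06T08:03:10 OK   user=jsmith src=10.20.7.12
2017-11-06T08:00:05 FAIL user=admin src=203.0.113.9 reason=bad_password
2017-11-06T08:00:06 FAIL user=admin src=203.0.113.9 reason=bad_password
2017-11-06T08:00:07 FAIL user=admin src=198.51.100.77 reason=bad_password
2017-11-06T08:00:08 FAIL user=admin src=198.51.100.77 reason=bad_password
2017-11-06T08:00:09 FAIL user=admin src=198.51.100.78 reason=bad_password
2017-11-06T08:00:10 FAIL user=admin src=198.51.100.78 reason=bad_password
2017-11-06T08:00:14 FAIL user=rjones src=203.0.113.9 reason=bad_password
2017-11-06T08:05:14 FAIL user=rjones src=203.0.113.9 reason=bad_password
2017-11-06T08:10:20 FAIL user=mlee src=203.0.113.9 reason=bad_password
# a line the collector mangled and that must not crash the parser
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK)\s+user=(?P<user>\S+) src=(?P<src>\S+)")
WINDOW = timedelta(minutes=10)  # assumed observation window for lockout counting
# Assumption: RFC1918 space is the hospital's own network, everything else is remote.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(src):
    addr = ip_address(src)
    return any(addr in net for net in INTERNAL)


def parse(log_text):
    """Parse the feed into time-ordered dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "OK",
                           "user": m["user"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])
    return events


def max_failures_in_window(timestamps, window=WINDOW):
    """Largest number of (sorted) failure timestamps inside any sliding window."""
    best, lo = 0, 0
    for hi, t in enumerate(timestamps):
        while t - timestamps[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def profile_accounts(events):
    """Per account: failure count, worst burst, sources and a verdict. Assumed
    heuristic: a forgetful user retries from one or two on-site devices and
    eventually logs in; guessing comes from outside or many sources, never succeeds."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    profiles = {}
    for user, evs in per_user.items():
        fails = [e for e in evs if not e["ok"]]
        if not fails:
            continue
        srcs = sorted({e["src"] for e in fails})
        external = not all(is_internal(s) for s in srcs)
        recovered = any(e["ok"] and e["ts"] > fails[-1]["ts"] for e in evs)
        benign = not external and len(srcs) <= 2 and recovered
        profiles[user] = {"failures": len(fails), "sources": srcs, "external": external,
                          "burst": max_failures_in_window([e["ts"] for e in fails]),
                          "recovered": recovered,
                          "verdict": "self_lockout" if benign else "password_attack"}
    return profiles


def recommend_threshold(profiles):
    """Smallest failures-per-window count above every benign burst, plus which
    attacks that threshold would stop and which would stay under it."""
    benign_max = max((p["burst"] for p in profiles.values()
                      if p["verdict"] == "self_lockout"), default=0)
    threshold = benign_max + 1
    attacks = {u: p for u, p in profiles.items() if p["verdict"] == "password_attack"}
    stopped = sorted(u for u, p in attacks.items() if p["burst"] >= threshold)
    missed = sorted(u for u, p in attacks.items() if p["burst"] < threshold)
    return threshold, stopped, missed


def spraying_sources(events, min_accounts=2):
    """Sources failing against several accounts: low-and-slow spraying never trips a
    per-account lockout, so these need a source-based control (block, MFA, alert)."""
    accounts = defaultdict(set)
    for e in events:
        if not e["ok"]:
            accounts[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in accounts.items() if len(users) >= min_accounts}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    profiles = profile_accounts(evs)
    for user, p in profiles.items():
        print(f"{user:8} burst={p['burst']} sources={p['sources']} -> {p['verdict']}")
    print("threshold, stopped, missed:", recommend_threshold(profiles))
    print("spraying sources:", spraying_sources(evs))
```

On the sample, jsmith's four retries from one on-site device followed by a successful logon read as a self-lockout, so the recommended per-account threshold is five failures in ten minutes: enough to stop the burst against admin, but rjones and mlee never reach it because the same remote address spreads its guesses across accounts. That is why the last function reports per-source fan-out separately; the lockout threshold alone cannot solve the "attacked 24/7 from other countries" problem.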
DLP and Fast Historical Analysis
Make Compliance Easier
Berkshire Health Systems must com-
ply with HIPAA, Massachusetts state
personal privacy laws, such as CMR
17, and other internal and external
regulations concerning data securi-
ty. However, even if such regulations
didn’t exist, data security would be of
utmost importance. “Keeping all potentially sensitive patient data safe is our top priority,” notes Doucette, “from confidential patient medical information to credit card information.”
To prevent data loss, the company
uses McAfee DLP Endpoint. McA-
fee DLP Endpoint allows Doucette to
quickly and easily monitor real-time user activities and apply centrally managed security policies to regulate and restrict how sensitive data
is transferred, without impacting em-
ployee productivity. McAfee Enter-
prise Security Manager also helps
Doucette determine appropriate pol-
icies. “The McAfee Enterprise Secu-
rity Manager enabled us to segment
devices that take credit card informa-
tion—whether PCs or kiosks or caf-
eteria cash registers—and manage
our policies and reporting based on
the various PCI subgroups,” explains
Doucette. “The ability to easily ana-
lyze historical credit card transaction
data and segment it meant we could
lock down point-of-sale devices and
some workstations but use DLP for
others. Previously, such historic anal-
ysis would have taken weeks or would
have been impossible.”
Sustainable Security Foundation
for the Future
With its McAfee integrated security
platform, Berkshire Health Systems
has laid the foundation for a sustain-
able protect-detect-correct threat de-
fense lifecycle to safeguard the com-
pany and its patients today and in the
future. Doucette has a much more ef-
fective approach to disrupt and in-
vestigate suspicious events and lim-
it overall risk exposure and compress
incident response. When asked,
“What would you do if you got a call
from the FBI telling you your company
was the victim of a data breach?” Dou-
cette replies, “Most likely I’d already
know about it, thanks to our integrated
security system.”
RESULTS
•	 Significantly simplifies security administration
•	 Provides comprehensive control over sensitive data
•	 Allows complete visibility into all endpoints and data
•	 Saves time, thanks to centralized management and automated tasks
•	 Enables fast historical analysis to optimize operations and set policies
“Prevention is still very important, but our biggest challenge has become
detection— specifically, being able to immediately detect the new threats
attacking us and then to respond fast enough that patient and other sensitive
data is not impacted. We have recognized a definite need to shift our focus
from prevention and protection to detection and correction.”
— Paul Doucette, Senior Cybersecurity Engineer, Berkshire Health Systems
DOC. DR. MIHA DVOJMOČ, MD SKUPINA CEO & PRESIDENT OF
THE PRIVATE INVESTIGATION CHAMBER OF SLOVENIA
THE WHO, WHAT, WHY, AND WHEN
OF GDPR AND HOW TO TACKLE IT
The EU Data Protection Reform, or as we will refer to it in this article the General Data Protection Regulation (GDPR), was put forward by the European Commission as early as January 2012. It took four years, until 4 May 2016, for the official texts of the Regulation (and the Directive, which covers data protection in the prevention, investigation, detection and prosecution of criminal offences and the execution of criminal penalties) to be published. Both documents entered into force in May 2016 and apply from May 2018 (6 May for the Directive, 25 May for the Regulation). This may all seem abstract to this point, mere numbers, but the Commission set out on this road to update and modernise the principles enshrined in the 1995 Data Protection Directive.
The main objectives of the new rule set are to return control over personal data to its original owners, the citizens; to (re)build their trust in the new data protection rules, the digital economy and businesses themselves; and to simplify data protection regulation for business use while keeping costs down and helping business grow.
The rapid pace of technological change, globalisation and a transformation of the way personal data is collected, accessed, used and transferred, along with the significant rise in data volume, paved the path to the reform. Names, addresses, health information, incomes, cultural profiles and more are collected, stored and used every day and basically everywhere. Whenever one wants to book a vacation, join one of a multitude of social networks, open a bank account, etc., vital personal information is handed over to controllers and processors, often in cross-border business dealings. Personal data is given by individuals, businesses and public authorities alike, and as such demands sufficient attention and protection. The European Union deemed it necessary to ensure that such personal data enjoys a high standard of protection across the whole Union.
According to the Special Eurobarometer 431 from 2015 on the topic of data protection, the majority of European citizens recognise data collection as a part of everyday modern life in the digital age they live in, and only three out of ten are indifferent when asked whether they should give explicit approval for the use of their personal information. On the other hand, only a quarter of Europeans trust online businesses, and a majority of citizens feel they lack control over what happens once their personal data is out there. All of this points to the admission that an update and improvement of the data protection regime is a must.
Under the new regulation, companies are expected to strengthen their security measures and avoid breaches, and if a breach does happen they are obliged to notify the national data protection authority and, where the breach is likely to put them at high risk, the affected individuals, whose control over their data is set to improve: giving explicit consent, the right to be forgotten in the online environment, guaranteed easy access to one's own data, the right to data portability, full understanding of how their data is handled and, on top of that, improved means to exercise those rights, to name only a few. The legal aspect of GDPR is complemented by reinforcing data security at the IT level, encouraging the use of privacy-enhancing technologies and privacy-friendly default settings. And if that does not sell the European Commission's point, the enhanced accountability of those processing the data is obvious in the requirement for a Data Protection Officer (DPO), the principles of privacy by design and by default, and obligatory Data Protection Impact Assessments for organisations that meet certain criteria. Top it all off with hefty fines for non-compliance. To summarise it in the eyes of the European Commission: one continent with one law, a one-stop-shop way of dealing with a single supervisory authority, the same rules for all companies, even those not based in the EU that wish to do business with its members, and technological neutrality.
May 2018 is just a few snowy months and daisies away, and preparations should be in full swing. But what if a company has not yet started working on GDPR compliance? Educating itself on what personal data is and setting the basis for an analysis of its organisation would be the preferred step one, followed closely by learning about the positive aspects of GDPR, and with that laying the mental groundwork for compliance. Knowing the breadth of the business activities, processes and the organisation as a whole in light of the new reform represents the first stepping stone to compliance. Keep the protection of people's rights at the front of your mind with clear and simple two-way communication, take care of the legal framework of your activities, check whether you are obliged to appoint a DPO and how you should handle record keeping. All this should be done with anticipation through impact assessments, including recognising the biggest threats to the processes involving personal data, and GDPR as such should be taken into consideration when updating or building a new organisation or business. A lot of the groundwork can be done internally at the level of the organisation, with a precise action plan, exploring innovative technology and selecting specific solutions that meet the business' needs, along with raising awareness among employees. But keep in mind: sometimes a hand from an outsourcing company dealing specifically with data protection regulations, legal frameworks and IT expertise is needed.
TRUSTWORTHY AND TRANSPARENT
CAR HISTORY TRACKING
Project Vision
CarLogChain is a blockchain-based platform aiming to reshape one of the world's largest industries by establishing a globally unified and 100% credible car database. By linking the secure, transparent and decentralized blockchain technology to our network of patented innovative Autoscan scanners we are able to provide an effective solution for the thus far unsolved problems of the automotive industry: trackability and trustworthiness.
The market
CarLogChain is capitalizing on three enormous markets:
•	 Booming cryptocurrencies market: the total cryptocurrency market cap recently surpassed 250 billion USD, having increased over 1500% year to date.
•	 Enormous Automotive market: Global sales of passenger cars are projected to hit 77.8
million units in 2017.
•	 Auto insurance market: Full of inefficiencies which drive most insurance institutions in
the search for innovative solutions. Digitally underwritten insurance is projected to grow
by 800% from 2017 to 2020.
Car Scanner - leading the way in vehicle scanning
Our Car Scanner is an innovative and automated apparatus for the detection and classification of damage on motor vehicles. Based on a video scan and an innovative 3D recognition system, the Car Scanner makes a "fingerprint" of the car chassis, along with assessing the engine and functional characteristics throughout the vehicle's history. Each time a car is scanned by the Car Scanner, the car's complete "identity" is snapshotted and recorded in our database using blockchain technology.
REAL TECHNOLOGY
CarLogChain
We started forming a team of exceptional individuals who recognised the opportunity of bringing together the elements needed for the disruption of an industry with enormous potential. Our mission is to digitize the automotive industry by introducing a globally unified CLC digital vehicle identity card and establishing the CarLogChain database with the most extensive vehicle network.
The CarLogChain platform will be fuelled by the immutability and transparency of blockchain technology, while the CLC token will represent the heart of the ecosystem, serving as an exclusive ticket to multiple features.
Automated systems for damage detection ease the work of insurance experts by performing quicker and more objective counting of damages and prevent possible abuse due to inaccurate damage estimates.
All potential damages are tracked in video. Tracking of damages across consecutive images is performed with software methods which locate the most appropriate matches, e.g. nearest-neighbour search incorporating the calculated movement of the vehicle (in pixel units) between two consecutive images.
All detected surface damages are converted from pixel units to actual physical size and classified according to size.
16 and 17 March 2017 were important days for the IT security market of the Adriatic region. At that time the 12th annual RISK conference was taking place in the Congress Centre Thermana in Laško. As expected, it was a big success in terms of organisation, presentations, participation and accompanying activities such as the humanitarian auction. Once again the organisers had to turn away 'late' applicants more than three weeks before the starting date, simply because the maximum capacity of registered attendees had already been reached a month before the first conference day. This has happened before, and the interest of the general media and the public shows that IT security and related themes have matured and have finally been recognised as very important for everyday business and personal life, especially because of the new EU GDPR regulation, which also pushes companies to work and prepare more in the field of data protection.
The RISK 2017 opening act was performed by drummers from the academic percussion group STOP – Slovenski tolkalni projekt, accompanied, as a surprise, by David Ivacic, sales director, and Renato Uhl, CEO of REAL security d.o.o., disguised with wigs, followed by their welcome speech. Of course, for the majority of attendees the most important part were the 29 top presentations held over two days in two partially parallel tracks and the DEMO room, where exhibitors showed their technologies in action.
Let us take a look at some of the most thrilling presenters of the conference. David Kemp, EMEA Specialist Business Consultant from Hewlett Packard Enterprise, talked about Exploiting Risk Management from Regulatory Compliance for Defensibility, Operational Effectiveness and Revenue; Thomas Maxeiner, Director of Enterprise Technology EMEA from Intel Security, showed the Intelligent Endpoint for Future-Proof Endpoint Defense; Ramses Gallego, President of the ISACA Barcelona Chapter, enlightened visitors about Threats and Risks in the Cloud; Michal Ostrowski, Regional Director CEE from FireEye, discussed Intelligence-led Security: The Power of Contextual Information; and there were many other interesting presentations, also from the academic sphere in Slovenia, where Dr. Branko Lobnikar, Vice Dean for Academic Affairs at the Faculty of Criminal Justice and Security, talked about and presented data on Organised Crime in Cyberspace in the EU in 2016.
Presenters came from all over the world: from the UK, Australia, Germany, Switzerland, Israel, France, Spain, the Netherlands, Poland, Romania, the Czech Republic, Slovakia, Hungary, Croatia and even the USA. And of course there is Slovenia, the home country of the conference, which was represented by practical IT security studies made by companies such as ADD, SRC, S&T Slovenia, Unistar LC, OSI and SIQ.
A LOOK BACK AT
RISK CONFERENCE 2017
As the first day of conference presentations ended, all visitors had a couple of hours of rest, followed by the gala dinner. There we had a surprise speech about where mankind is heading from a special guest, Mr. Anthony Harrington, Executive Partner at Gartner. After the programme performed by the SERPENTES theatre we announced the winners of the IT security achievements in the Adriatic region for 2016 in several categories, including partners of the year S&T Slovenija from Slovenia, CS Computer Systems from Croatia, Lanaco from Republika Srpska, Emerging Market Consultants from Bosnia and Herzegovina, Inquest from Serbia and S&T Crna Gora from Montenegro; vendor of the year FireEye; technology vendor of the year McAfee; rising vendor of the year ObserveIT; loyal vendor of the year Forcepoint; strategic vendor of the year Hewlett Packard Enterprise; hot vendor of the year Centrify; academic partner of the year Dr. Branko Lobnikar from the Faculty of Criminal Justice and Security; and special guest Ramses Gallego.
Gartner Executive Partner Anthony Harrington with Chris Wherry
Renato Uhl, CEO of REAL security d.o.o. delivering donations to Clown doctors, SD Dolomiti and Rainbow fairy
REAL SECURITY
INFO MAGAZINE 8
Editor in Chief: Renato Uhl
Publishing year: 2017
Number of printed issues: 5000
Design: Samo Zavasnik
Publisher: REAL security d.o.o.,
Zolgarjeva ulica 17,
2000 Maribor,
+386 22347474,
www.real-sec.com,
info@real-sec.com
All rights reserved. No part of this publication may be reproduced in whole or in part without permission of the publisher. All articles used with permission of the respective authors.
ISSN 2463-817X
Ramses Gallego
at RISK 2017
»I was talking to an important visitor and, imagine, he told me this is probably the best organised IT event in Europe that he has recently been to. And you know what? The person who said that, well, he had just come from the RSA conference! If this is not the best possible indicator of us doing it right, then I don't know what is. The sleepless hours and stress of five months of conference-related activities were forgotten in a moment; never before have we heard so much praise from all types of visitors,« said Renato Uhl, CEO of REAL security. »Congrats also to the fantastic staff of hotel Thermana Laško for their excellent support. A wonderful conference. It's as good as it gets. At least until RISK 2018.«
The party continued in the hotel bar with BEER PONG sponsored by the Laško Brewery and a great DJ heating up the dance floor. It was a very entertaining evening, or a night for some, who kept going until the morning hours of the second conference day.
The second day of the conference concluded in the afternoon with the 4th traditional humanitarian auction on behalf of the RED NOSES society, Rainbow fairy and SD Dolomiti, hosted by REAL security CTO Alen Šalamun. Special thanks go to all who supported the humanitarian auction, especially the auction's main sponsors BMW Group of Slovenia and SELMAR, who donated a MINI bike, a unique pair of Elan BMW Edition skis not sold in stores and signed by aces like Tina Maze, Jure and Žan Košir, Jakov Fak, Filip Flisar and other prominent winter sports personalities, and BMW goodie bags; LUMAR houses; STUDIO Moderna; Pivovarna Laško; Intel Security; Hewlett Packard Enterprise; and most of the vendors who presented at the conference.
This humanitarian auction brought in 3,300.00 € and with those funds, for the first time, the organiser was able to support more than just one organisation. Three cheques were awarded to the representatives of the RED NOSES society, Rainbow fairy and SD Dolomiti by the main auction sponsor's representative, Mrs. Maja Ilec of BMW GROUP of SLOVENIA, and REAL security CEO Renato Uhl.
Alen Šalamun, CTO of REAL security d.o.o. at the charity auction
KOLOFON
INFOMAGAZINE 8 by REAL security

More Related Content

PDF
Privacy Year In Preview
PDF
Frukostseminarium om molntjänster
PDF
GDPR: the legal aspects. By Matthias of theJurists Europe.
PPTX
Do You Have a Roadmap for EU GDPR Compliance?
PDF
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
PDF
The Evolution of Data Privacy: 3 Things You Need To Consider
PDF
The Evolution of Data Privacy: 3 things you didn’t know
PDF
GDPR, what you need to know and how to prepare for it e book
Privacy Year In Preview
Frukostseminarium om molntjänster
GDPR: the legal aspects. By Matthias of theJurists Europe.
Do You Have a Roadmap for EU GDPR Compliance?
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy: 3 things you didn’t know
GDPR, what you need to know and how to prepare for it e book

What's hot (20)

PPTX
Practical Guide to GDPR 2017
PPTX
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
PDF
Marketing data management | The new way to think about your data
PDF
Beginning your GDPR journey
PDF
delphix-wp-gdpr-for-data-masking
PDF
GDPR A Practical Guide with Varonis
PPTX
How to get started with being GDPR compliant
PDF
Is Ukraine safe for software development outsourcing?
PPTX
GDPR Is Coming – Are Emailers Ready?
PDF
GDPR (En) JM Tyszka
PDF
GDPR- Get the facts and prepare your business
PPTX
Impact of GDPR on the pre dominant business model for digital economies
PDF
iStart feature: Protect and serve how safe is your personal data?
PDF
What will be the Impact of GDPR Compliance in EU & UK?
PDF
Research on Legal Protection of Data Rights of E Commerce Platform Operators
PDF
Companies, digital transformation and information privacy: the next steps
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
PDF
Gdpr in a nutshell
PDF
Digital Transformation Summit: theJurists Europe case
PPTX
How to get your business GDPR ready
Practical Guide to GDPR 2017
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
Marketing data management | The new way to think about your data
Beginning your GDPR journey
delphix-wp-gdpr-for-data-masking
GDPR A Practical Guide with Varonis
How to get started with being GDPR compliant
Is Ukraine safe for software development outsourcing?
GDPR Is Coming – Are Emailers Ready?
GDPR (En) JM Tyszka
GDPR- Get the facts and prepare your business
Impact of GDPR on the pre dominant business model for digital economies
iStart feature: Protect and serve how safe is your personal data?
What will be the Impact of GDPR Compliance in EU & UK?
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Companies, digital transformation and information privacy: the next steps
Data & Privacy: Striking the Right Balance - Jonny Leroy
Gdpr in a nutshell
Digital Transformation Summit: theJurists Europe case
How to get your business GDPR ready
Ad

Similar to INFOMAGAZINE 8 by REAL security (20)

PDF
Five strategies for gdpr compliance
PDF
GDPR: A Threat or Opportunity? www.normanbroadbent.
PDF
Data Protection Magazine
PDF
[REPORT PREVIEW] GDPR Beyond May 25, 2018
DOCX
16 C O M M U N I C AT I O N S O F T H E A C M N O.docx
DOCX
16 C O M M U N I C AT I O N S O F T H E A C M N O.docx
PPTX
Gdpr action plan - ISSA
PPTX
Ritz 4th-july-gdpr
PPTX
Do You Have a Roadmap for EU GDPR Compliance?
PPTX
GDPR in the Healthcare Industry
PPTX
EU GDPR: What You Really Need to Know
PPTX
GDPR How to get started?
PDF
GDPR Whitepaper
PDF
Keep Calm and GDPR
PDF
The Countdown to the GDPR Regulations
PPTX
Keep Calm and Comply: 3 Keys to GDPR Success
DOCX
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
PPTX
INFOMAGAZINE 8 by REAL security

  • 3. FOREWORD

All of this data is being collected by billion-user companies, desktop and mobile apps, internet providers and mobile operators for their own purposes, for commercial gain, and, what is the most frightening reality, for manipulation and control. This paradigm shift brings new ethical and judicial problems which are mainly related to issues such as the right of access to information, the right of privacy (which is threatened by the emphasis on free information) and the protection of the economic interests of the owners of intellectual property.

Much of that concern may stem from social groups like Facebook, with 2.07 billion monthly active users, mobile and internet operators like Deutsche Telekom, giants like GOOGLE and also the increased number of always-connected devices such as smartphones that contain personal information. Gartner Inc. forecast that today 8.4 billion connected devices, everything from phones to new household devices, have been swept into the internet of things market, up 31 percent from 2016. Their prediction is that they will reach 20.4 billion by 2020.

"Who controls the data, controls the world" - that is why the EU is pushing new regulations and fighting against Facebooks, Googles and other big names and their misuses – primarily the commercialization of consumer data. While the previous billion-user companies have been built on collecting data, it is projected that the next billion-user companies are going to be built around protecting user data. Some of them you can already find in this magazine, and if you join us at our next RISK conference, which will be held on 14th and 15th of March 2018 in the Congress centre of hotel Thermana in Laško, we can even arrange a chat with one of their representatives for you ;-).

I wish you a successful implementation of the EU GDPR in your organization and a happy personal life with lots of PRIVACY.

RENATO UHL
CEO, REAL SECURITY D.O.O.
  • 4. CONTENTS
04 DATA IS KNOWLEDGE AND KNOWLEDGE IS POWER - ROBERT LUBEJ, R&D REAL SECURITY
08 WHAT WILL GDPR BRING? - SLOVENIAN INFORMATION COMMISSIONER
11 FIREEYE HELIX - DAVID IVACIC, SALES DIRECTOR REAL SECURITY
14 FIGHTING GDPR REQUIREMENTS WITH FORCEPOINT TECHNOLOGY
16 INTERVIEW WITH RODNEY JOFFE, SENIOR VICE PRESIDENT OF NEUSTAR
22 UTIMACO HSM – THE ROOT OF TRUST
23 CYBONET'S CYBOWALL INSIGHT GDPR COMPLIANCE
29 INTERVIEW WITH ANDREW AVANESSIAN, COO AVECTO
31 MICRO FOCUS ARCSIGHT: PAST, PRESENT AND FUTURE OF SECURITY
37 PRIVREDNA BANKA ZAGREB CASE STUDY BY HPE
42 INTUITIVE SIMPLICITY - BART PELLEGROM, NETWORK CRITICAL
44 WHO IS VERSASEC? INTERVIEW WITH JON SNOW, CEO
46 UNDERSTANDING POST-BREACH THREAT DETECTION IN THE DIGITAL ERA BY HILLSTONE
50 WHEEL SYSTEMS WHEEL LYNX - SSL/TLS DECRYPTOR
51 NAKIVO CASE STUDY CHINA AIRLINES
54 ON DOMAIN NAME SERVERS - CHRIS ROOSENRAAD, NEUSTAR
56 CASE STUDY AT BERKSHIRE HEALTH SYSTEMS BY MCAFEE
62 A LOOK BACK AT RISK CONFERENCE 2017 BY REAL SECURITY
Also in this issue: SIMPLIFYING GDPR COMPLIANCE WITH MICRO FOCUS; WHY SIZE DOESN'T MATTER IN DDOS ATTACKS - NICOLAI BEZSONOFF, NEUSTAR GM; INTERVIEW WITH JAN C. WENDENBURG, CEO CERTGATE GMBH
  • 5. SECO-Institute DPO track: Your career path to become an international Privacy Officer

The Certified Data Protection Officer certification track is tailored for those who want to become a Privacy and/or Data Protection Officer in their organisation and want to earn the internationally recognised S-CDPO title. The Privacy & Data Protection certification track is made up of four certification steps. The Privacy & Data Protection Foundation certificate demonstrates that you have acquired a basic understanding of the GDPR. The Privacy & Data Protection Practitioner certificate and title, as the next level, demonstrate that you have acquired a good understanding of the GDPR and that you possess the necessary skills to implement and safeguard measures ensuring compliance with the GDPR at operational level. The Privacy & Data Protection Expert certificate and title allow you to exhibit your strategic-level knowledge and skills in privacy and data protection. The Certified Privacy and Data Protection Officer certificate and title, as the highest-level qualification, require you to prove a minimum of three years of strategic-level professional experience.

www.seco-institute.org
For more information visit www.si-gdpr.com or contact info@si-gdpr.com.
  • 6. REAL EDITORIAL

DATA IS KNOWLEDGE AND KNOWLEDGE IS POWER!

Ignoring for this purpose the theoretical differences between data, information and knowledge: data empowers organizations to achieve their full potential and optimize their business processes, it empowers governmental agencies to drive us all into a better future, and it gives power to individuals to build ourselves a good life. Nowadays, data has the highest value, and we have to protect that value, regardless of whether the data is business data or personal data. The theme of this issue of the magazine is personal data and GDPR.

And what do we need GDPR for? With great power comes great responsibility; that power could also be used for bad purposes. Companies could resell customer data without authorization; organizations could abuse employee data; individuals, internal or external, could access and publicly expose personal data on celebrities, for instance. And the state, well, the state is never content with the amount of personal data it has about its citizens, no matter how personal it is. Something was needed to put on paper all these relations, rights, duties and responsibilities, to declare the powers we all have and how we can and are allowed to use them for the common good. GDPR covers a big part of that; it guides the use of personal data in organizations to prevent the intentional or accidental misuse of that power.

Due to a number of circumstances in the last year and a half I have been a bit more away from the professional developments in cybersecurity, also regarding GDPR. Perhaps I am no longer an expert and I cannot bother you with the details of the current situation of implementing strategies for the proper handling of personal data, be that globally, at the level of our wider region, or even just in our small states. But I think it's right to say to you that, if you would like to start with the GDPR implementation project today as you read this, and complete it by the day the directive comes into effect, then you are – too late!

That train has already left. Even if you have already started, you probably will not finish by the deadline. But do not panic; many of my colleagues think that you are by far not alone. So, for now, you're not in a critical situation. But now you have to make an important decision! Whether to start or strengthen activities in this field today, and not only avoid possible penalties or have a more comfortable life after the deadline, but also have all the benefits of the orderly business process that comes with it, and the consequent competitiveness or even competitive advantage. Or to take a risk and wait for what will happen and hope to avoid the penalties, but at the same time risk "sinking lower" compared to other organizations. If you smartly decided to do something, then read on.

GDPR, or the General Data Protection Regulation of the European Union, was adopted on 27th of April 2016 and will replace many national data protection laws of individual EU states, such as the Slovenian ZVOP-1. It comes into effect on May the 25th, 2018. This theoretically means that, by the middle of 2018, all organizations who store and process personal data of EU citizens must comply with the requirements of the GDPR. These define the protection of this data and the obligations of the organizations that store it, as well as the rights of the individuals to whom the data relate. In practice, though, a penalty is not likely to be issued immediately on that day, at least if you are able to show that you have achieved partial compliance or are actively engaged in this project. That's why you're not too late, yet.

GDPR implementation in stages – there is much advice on how to implement GDPR compliance; a possible short overview of the process would be, for example, the five steps created by Alen Šalamun. If you plan to start today and achieve something, to be able to show something on the day the GDPR comes into effect, then start with personal data identification right now. Following that, the activities you will need to perform later might be much clearer.

ROBERT LUBEJ
R&D DIRECTOR, REAL SECURITY
04
  • 7. Data identification - in a way we could say that we IT experts really meet the GDPR implementation in practice during phase three, the data identification. This is when we must actually identify personal data in our systems: the data that we will need to regulate and protect to ensure compliance with the GDPR.

Which tools to use? What is true for the other phases of the project goes here, too - there are many solutions from a variety of vendors that we could use. None is magical and none is all-inclusive. Most useful are those of the types Information Governance (IG) and Data Loss Prevention (DLP). With these we can usually identify all of the business data, and personal data is a subset of business data. Data identification itself usually consists of two steps: first we describe the data, and then we search for it. Data description is a combination of patterns, algorithms and other tools that tell the system what data we are looking for. During searching we try to detect the data corresponding to this description wherever in our system it is stored.

Data identification, the first step - data description: we define the prerequisites that determine the personal data. Those can be classical, for example lists of business terms or personal names. Or they can be algorithms and patterns that define the format of a credit card number, health insurance number, vehicle registration number, etc. Or we could also sample personal data from central repositories whose location we know. For example, a list of personal names that might appear in relation to a GDPR request can be obtained from a central database of clients or from a disk archive of business documents. The process of sampling the data, either structured data in databases or unstructured data in files, is sometimes also called data fingerprinting.

Data identification, the second step - data discovery: because, unfortunately, in 101% (sic) of organizations the personal data is usually not stored only in central databases or on central disk storage. If that were the case, our life would be very easy. Typically, business data and, consequently, personal data are scattered throughout the systems, on different types of servers as well as on employee workstations (employees make copies for their own needs), in archive storage or on removable media like USB, and in other places. Therefore, in practice, we do not know where all the information pertaining to a particular person is stored. But, regarding GDPR and compliance with it, we have to know. Data discovery is the process of automated investigation of all of the data storage systems - unstructured data in disk files and structured data in databases - and the creation of an inventory of this data. The inventory can be prepared on a regular basis, for example daily or weekly, or as needed, and can be thoroughly protected - masked, anonymized or accessible only to authorized persons. Later, we can use it to help us with other tasks, such as, in our case, those related to GDPR.

Beyond the personal data identification - since that is only the first of several practical phases of the GDPR implementation, we will need to put these results to good use. We could produce executive or security reports, export results to other tools for real-time detection and protection of personal data, or even to tools specialized for ensuring GDPR compliance, if we do have them. Two very important obligations of companies who process personal data are the obligation to respond to a request for a list of all the data stored about a specific person, and the obligation to delete all of that person's data if they so request. We could use data discovery results for that: in these results we can see what data is stored on a particular person and where it is kept across all of our systems, at least those included in discovery. This way we can easily prepare a report on all the stored data or use it as an input for a process of data deletion from all storage locations. In this way data discovery is very important for ensuring GDPR compliance.

Where will all this get us, data identification, fingerprinting, discovery, reporting etc.? It is the start of good personal data protection. And it will lead us toward the end phases of GDPR implementation.

ACHIEVE GDPR COMPLIANCE IN 5 STEPS
BY ALEN ŠALAMUN
1. Inform yourself on the GDPR Directive.
2. Appoint a person to be in charge of introducing the GDPR directive.
3. Identify all of the personal data within the organization.
4. Perform a deeper analysis and prepare a detailed plan of needed activities.
5. Start and gradually complete all of the planned activities to achieve GDPR compliance.

BECOME A MEMBER - SI-GDPR
Find more information on the EU GDPR directive and on REAL security's SI-GDPR initiative for compliance in both regulatory fields, IT and law. Become a member of the SI-GDPR club and keep up to date with all updates on the topic of data protection. www.si-gdpr.com
05
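The two-step identification described above (description via format patterns and fingerprints sampled from a central repository, then discovery across scattered storage into a masked inventory that can answer access and erasure requests), as an added Python illustration that is not code from the magazine or from any IG/DLP vendor. The client records, file contents, hashing key and the rule that attributes a card number to the subjects named in the same file are constructed assumptions for the example.

```python
"""Toy personal-data identification pipeline: describe -> discover -> inventory.

Added illustration only; not code from the magazine or from any DLP product.
Every record and file below is constructed sample data.
"""
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed central client database: the repository "we know where it is",
# from which names are sampled (fingerprinted) for the description step.
CLIENT_DB = {"C-1001": "Ana Novak", "C-1002": "Marko Kranjc"}

# Constructed key. The inventory stores keyed hashes, never the values.
FINGERPRINT_KEY = b"constructed-demo-key"

# Constructed storage snapshot: central CSV, a file share, a laptop copy.
STORAGE = {
    "crm/clients.csv": "id,name\nC-1001,Ana Novak\nC-1002,Marko Kranjc\n",
    "fileshare/hr/notes.txt": "Call Ana Novak about the refund to card 4111 1111 1111 1111.\n",
    "laptop-07/Desktop/clients copy.txt": "ana novak\nMarko Kranjc\n",
    "fileshare/finance/order.txt": "Order 1234 5678 9012 3456 shipped on Monday.\n",
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, spaces/dashes allowed
WORD_RE = re.compile(r"[^\W\d_]+")                    # letters only, accented included


def fingerprint(value: str) -> str:
    """Keyed hash of a normalised value, so matching never needs the plaintext list."""
    norm = " ".join(value.casefold().split())
    return hmac.new(FINGERPRINT_KEY, norm.encode(), hashlib.sha256).hexdigest()[:16]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out digit runs that merely look like card numbers."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# --- Step 1: data description ---------------------------------------------------
def describe(client_db):
    """Map name fingerprint -> subject id, sampled from the central repository."""
    return {fingerprint(name): subject for subject, name in client_db.items()}


# --- Step 2: data discovery -----------------------------------------------------
def discover(storage, name_index):
    """Scan every location; return {subject: {location: [kinds]}}.
    Card numbers are attributed to the subjects named in the same file, or to
    '_unlinked' when no name is present (a simplification for the example)."""
    inventory = defaultdict(lambda: defaultdict(set))
    for location, text in storage.items():
        words = WORD_RE.findall(text)
        subjects = set()
        for a, b in zip(words, words[1:]):  # two-word name windows
            subject = name_index.get(fingerprint(f"{a} {b}"))
            if subject:
                subjects.add(subject)
                inventory[subject][location].add("name")
        for m in CARD_RE.finditer(text):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                for subject in (subjects or {"_unlinked"}):
                    inventory[subject][location].add("card_number")
    return {s: {loc: sorted(k) for loc, k in locs.items()} for s, locs in inventory.items()}


def subject_access_report(inventory, subject):
    """Answer 'what do you store about me?': every location with the kinds found."""
    return sorted(inventory.get(subject, {}).items())


def erasure_worklist(inventory, subject):
    """Locations a right-to-erasure request must purge."""
    return sorted(inventory.get(subject, {}))


if __name__ == "__main__":
    inv = discover(STORAGE, describe(CLIENT_DB))
    for loc, kinds in subject_access_report(inv, "C-1001"):
        print(f"C-1001  {loc:40} {', '.join(kinds)}")
    print("erase from:", erasure_worklist(inv, "C-1001"))
```

The Luhn check is what keeps the order number in finance/order.txt out of the inventory, while the laptop copy with lower-case names is still found because fingerprints are built on the normalised value.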
  • 8. Your biggest asset is also your biggest risk℠
Eliminate User-Based Risk. Monitor Third Parties. Stop Data Loss. Bridge Compliance Gaps [PCI, GDPR, SOX, HIPAA, ISO27001/2].
observeit.com
  • 9. REAL OPINION

IT IS NOT DIGITAL TRANSFORMATION. IT IS RADICAL RE-EVOLUTION.

Forward-thinking technologies such as Blockchain or Quantum Computing are changing the way we create and keep secrets; disruptive tech like Space Computing (the one that can potentially put servers in space… where it is not clear under which regulations and legislation we can operate there) is being considered by private entities. No question that, as I tweeted quite recently, 'Next is Now. Now is the Next New. New is Next. Now.' This is not an era of changes. This is the change of an era. We are witnessing not a Digital Transformation – as some call it – but a Re-Evolution that capitalizes on things we know (evolution) and revolutionizes the way we do them.

The needs of society in terms of Security and Cybersecurity are covered by the use of 'negative' verbs such as 'Block', 'Deny', 'Stop', etc., but there is another side to all that and we should call it 'the positive side of security', where verbs such as 'Ensure', 'Connect', 'Build', 'Guarantee', etc. are the ones.

I am proud of traveling the world to understand how the world moves, how it changes and how disruptive technologies are being used to ensure that sensitive information is protected. And I am writing these lines as a cybersecurity professional, as a father, as a patient, as a citizen… with the expectation that Government and the private sector will do the right things… rightly. I have been proud to be on stage in Slovenia many times. I consider myself a friend of the country, its cities and partners such as Real Security. And when I look back on my career and all the times I've enjoyed sharing messages with the audience at the RISK Conference, some lines from Robert Frost's 1916 poem 'The Road Not Taken' come to my mind. I am asking you, dear reader, to embrace them in this Digital Re-Evolution, when you adapt and adopt new technologies for this cyber-era. The poem goes like this: 'Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference'.

We are living through times of change and, in the search for success and customer attraction, disruptive technology is making its roads into businesses with the promise of better protection and deeper control and visibility. Disciplines such as Machine Learning and Artificial Intelligence are becoming the norm when it comes to providing faster detection and a more robust approach to Security, since it is now technologically possible and economically viable to talk not just about 'correlation' but 'super-correlation' and enhance detection rates. However, we need to ask ourselves where the limit to all this is. We should start asking the right questions to the right people at the right time… or soon we will be asking them to a bot.

In a time where software programs such as AlphaGo – the one made by Google's DeepMind – are capable of teaching themselves with no previous knowledge of the game… and winning, we have to start thinking about 'The Rise of the Machines' and how far that future-present is from us. We must celebrate the forward-thinking society we have become and applaud the developments in Artificial Intelligence, but as I wrote on my Twitter feed some weeks ago, we must regulate AI… before it regulates us. Actually, do you think that machines have any rights? Do you think that your datacenter wants to be turned off? Seriously. Today, the answer is 'Of course not. They do not know'. Tomorrow, the answer might be 'They do not want to. Because they are self-aware, they know they are, they exist'. And that changes everything. There are (massive) datacenters around the world that are self-aware and are capable of 'defending' themselves. Truth be told, they do so with rules and policies established by humans… but it is just a matter of time before they realize that what they want is to serve, to be.

I've seen 3D printers that produce their own pieces and supplies when they need them… and two Facebook machines that had to be shut down since they started talking in a language humans could not understand… but they did. They created their own language and were actually exchanging messages. While you, dear reader, might think this is too far away, I am writing these lines to serve as a wake-up call. Trust me, the next big thing is being crafted as you are reading this.

Ramsés Gallego, strategist and evangelist, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt and former board director of ISACA
07
  • 10. REAL OPINION

EVOLUTION OF PERSONAL DATA PROTECTION LEGISLATION – WHAT WILL GDPR BRING?

During the last few months, a lot of attention, especially in the interdisciplinary field where law and IT intersect, was given to the upcoming changes to the personal data protection legal framework. The acronym used when addressing these changes is GDPR, which stands for General Data Protection Regulation. After 25th May 2018, all EU member states will abide by the "new rules". However, all is not black and white as some would like us to believe – after all, GDPR does not represent a revolution, but rather an evolution of existing personal data protection legislation.

New old rules

One should be clearly aware – as most serious businesses are – that legal regulation of personal data protection is not something new. Before the upcoming GDPR, personal data protection in the EU was regulated by Directive 95/46/EC from the year 1995, and in the different EU member states by specific national laws. In Slovenia we have the Personal Data Protection Act (PDPA-1/ZVOP-1), which will be replaced by the GDPR after 25th May 2018. Until then, every data controller and processor will still have to comply with the current rules. Fortunately, however, these core rules will not change significantly. Data controllers will still need to have a legal basis (laid down in law, consent, or another applicable legal ground) for the processing of personal data; they will still have to know precisely which personal data they are processing and for what purpose; they will have to enable the rights of the data subjects whose personal data is being processed (e.g. the right to information, the right to supplement, correct, block, erase and to object); they will have to create and maintain proper contracts with data processors; and they will certainly have to provide adequate security for personal data. Moreover, in case of discovered violations, data controllers and data processors will be subject to penalties – although with the enforcement of GDPR, these will potentially be much higher.

It is therefore important to emphasize that all those data controllers and data processors who are compliant with the current legislation (PDPA-1/ZVOP-1) will find the implementation of GDPR requirements relatively straightforward. However, others who until now did not put much thought and effort into the issues of personal data processing will experience the upcoming changes as a significant challenge.

What will really be new?

As emphasised before, GDPR does not represent a revolution in the field of personal data protection, but is understood more as a necessary evolution (or, to use different words, an upgrade) of the existing legal framework. In its ideal expression, such evolution should enable more harmonized protection of personal data across EU member states, a more efficient flow of personal data between different data controllers and processors, and enhanced organisational and technical protection of processed personal data. GDPR represents a legislative response to new opportunities and new threats arising from rapid technological and business changes that shape the fate of modern "digital" society. GDPR clearly shows that the field of personal data protection is distinctively hybrid – it presents itself as a contact point where legal and IT expertise meet and interconnect. This way, tackling the issues related to personal data will increasingly demand the cooperation of both legal and IT experts.

GDPR also introduces some very specific novelties, which can be regarded both as a challenge and an opportunity. One such novelty is the requirement to conduct data protection impact assessments (DPIAs) when developing new information systems and solutions which will include systematic processing of personal data or processing of sensitive personal data. The main goal of such an approach is to encourage (or, if necessary, force) data controllers and processors to adopt a proactive stance when developing new or extending old IT systems for personal data processing. The purpose of DPIAs is twofold. On the one hand, they strive to achieve the goal of specific personal data processing with as limited processing as possible (data minimisation); on the other hand, they aim at increasing the level of security and mitigating potential risks for the individuals whose data is being processed.

Another important novelty is the requirement for data controllers to notify the supervisory body (the Information Commissioner in the case of Slovenia) in case of serious personal data breaches. In even more serious cases, data controllers will also have to notify the affected individuals whose personal data was compromised. The envisioned system of notifications will undoubtedly present a serious public relations challenge, as more security incidents will now be publicly known – and as a consequence, the data controller's credibility and reputation will be at stake. This requirement should lead to personal data protection being taken more seriously by companies and, because of this, (hopefully) more effort will be invested into information security.

The third novelty is the requirement to appoint data protection officers (DPOs). GDPR defines rather broad criteria for which organisations need to appoint a DPO and who can be appointed as a DPO. Such experts will have to combine legal and IT knowledge – either individually or as part of a larger team led by the DPO. The novelties – and this is not a complete list – should not be seen (only) as an additional organizational burden, but also as preventive protection mechanisms and as opportunities which should enable differentiation of companies that understand the value of adequate personal data protection from their less privacy-friendly competition.

What to do about GDPR at this moment?

It is now the right time for organizations to do a state-of-play snapshot and a gap analysis – to review and check which personal data they process, on what legal basis and for what purpose; whether data processors are properly regulated by personal data processing contracts; whether personal data are exported to third countries and whether there is an appropriate legal basis for such export; whether personal data are sufficiently protected from unauthorised processing and other risks; and whether individuals' rights regarding personal data processing are respected and duly supported throughout the organisation. Having reviewed the existing procedures and policies, the organisation should do a gap analysis to ascertain what measures are needed to be GDPR compliant (e.g. are we required to acquire new consents from individuals, do we need to appoint a DPO and carry out DPIAs). Larger organisations, such as companies operating cross-border, may find this a challenging task. Meanwhile, the Information Commissioner will continue to provide up-to-date public information on changes regarding GDPR and on measures one should take into consideration when establishing proper compliance. More information can be found on our website - https://www.ip-rs.si.

REPUBLIC OF SLOVENIA, INFORMATION COMMISSIONER
MOJCA PRELESNIK, UNIV. DIPL. PRAV.
08
  • 13. FireEye’s goal is to reduce the cost and complexity of security operations and give organizations the best possible risk posture. Therefore in 2017 FireEye enhanced the customer experience by merging individual products into FireEye Helix, a unified platform for network and endpoint security delivered on premise, in the cloud or as a hybrid deployment. The platform is unified in how organizations acquire, deploy and use it on a day-to-day basis. Interaction takes place through a single console for the entire security operation, deployment occurs with speed and at scale, and procuring the platform is eased by a simple operational cost model. FireEye Helix offers organizations of all sizes proven, signature- less, real-time prevention, detection, response and remediation capabilities against all threats. It is the foundation upon which any organization can simplify, integrate and automate their security program and it is designed to be delivered everywhere at the speed of software. FireEye expertise can always be a click away whether organizations need quick advice on a particular alert or deep analysis. REAL INSIGHT Introducing FireEye Helix HELIX 11 David Ivacic Sales Director REAL security
  • 14. Designed by security experts, for security experts, FireEye Helix helps organizations operationalize their security programs and enables security teams to move from detecting a threat to defeating it quickly at a low total cost of ownership. They can gain clear insight into whether resources are effectively allocated and whether their security posture has improved. FireEye Helix is based on a revolutionary platform that brings together the FireEye product portfolio with event data from non-FireEye components of an IT and security infrastructure. From this centralized platform, security teams can overlay FireEye iSIGHT Intelligence to triage buried threats and perform rich analytics to detect lateral movement, data exfiltration, account abuse and user behavior anomalies. All the while, they build the context to automate, prioritize and accelerate response activity. These capabilities are delivered through unified dashboards, guided search and reporting modules that enable users to quickly pivot from detection to investigation to response across every infrastructure component. Raise your visibility FireEye Helix features FireEye’s award winning MVX engine that drives network and endpoint threat detection. It intelligently collects and combines network metadata and alerts from across the security infrastructure and delivers them to a unified console. And it overlays FireEye iSIGHT intelligence, rules and analytics to give your organization unparalleled situational awareness to stay a step ahead of attacks. Accelerate response and minimize the impact of a breach You need the right information at exactly the right time to stop threats. Helix gives analysts validated alerts with contextual analyses and the ability to rapidly shift from detection to remediation whether on the network or an endpoint. This helps to resolve attacks quickly and effectively and provides rich dashboards and reports for compliance audits and management briefings. 
FireEye Helix accelerates and simplifies the end-to-end threat detection and response process by bringing together your existing technology investments and incident handling processes into automated workflows that deliver real-time responses, reduce risk exposure and maintain process consistency across a security program. Each deployment comes with pre-built playbooks that codify years of FireEye experience battling the world’s most consequential breaches. These playbooks hone your processes to effectively detect, investigate and respond to threats.

Enhance existing security investments and reduce operational costs

Many organizations have security tools that are disconnected and require slower manual processing that is prone to errors. FireEye Helix integrates and enhances existing security tools with automated correlation, pre-built playbooks and FireEye iSIGHT Intelligence context to help you prioritize the alerts that matter the most and investigate and respond to threats faster than ever.

FEATURES

• ANALYTICS: Discover hidden patterns and anomalies in your data to further enrich detection and provide context for the investigative process.
• COMPLIANCE: Predefined or custom dashboards and widgets to visually aggregate, present and explore the most important information to a user while meeting compliance requirements.
• ROLE BASED ACCESS CONTROL: Create role based groups and assign granular permissions to access the console.
• INVESTIGATIVE WORKBENCH: Full index, archive, search and malware analysis against alerts and event data from all sources across the infrastructure to support flexible pivoting and fast hunting.
• CONTEXT: Automatically coalesce related data to help drive faster decisions, including context across intelligence, alerts, host and user data.
• DEVICE & POLICY MANAGEMENT: Manage configurations, policies and health status across your environment.
• ORCHESTRATION: Automate and accelerate the investigative and response process via product integrations and defined actions for specific alerts.
• ENDPOINT VISIBILITY: Protect against endpoint threats and exploits using intelligence, behavioral and investigative visibility.
• APIs: Support open and flexible APIs for integration into 3rd-party products, and seamless embedding into customer environments.
• DETECTION: Multi-vector MVX-driven detection; apply FireEye expert rules and FireEye iSIGHT Intelligence against existing data to identify threats that others miss.
• INTELLIGENCE: Detect, enrich, explore and learn about the latest threat intelligence from FireEye, with breakdowns by country and industry.
• WORKFLOW MANAGEMENT: Organize, assign, collaborate and action steps through the investigative process through automated and manual workflows.
  • 15. Flexibly scale your operations

Organizations change and grow over time and FireEye Helix is built to evolve right alongside them. It uses the elasticity of the cloud to quickly scale consumption and deployment and can always incorporate the latest available tools and technologies for the best possible cyber defense. FireEye Helix works on premise and in private, public and hybrid cloud environments.

Achieve compliance

For many organizations, reporting on compliance is often tasked to the security team because they have access and visibility into compliance-related activity and the expertise to secure critical systems. FireEye Helix contains pre-configured dashboards to provide visibility into your compliance program and a scheduled search capability to collect raw data over time. It helps your team satisfy audit requests quickly so they can focus on protecting your network.

THE ROAD TO FIREEYE HELIX BEGINS WITH US. www.real-sec.com/fireeye
  • 16. FIGHTING GDPR REQUIREMENTS WITH

In this article, we will introduce three core DLP use cases where Forcepoint technologies support organizations as they prepare for the General Data Protection Regulation:

• The need to inventory personal data
• The need to map, manage and control the flow of personal data
• The need to respond to personal data breaches in a timely manner

Why inventory personal data?

Organizations will need to understand how much personal data exists within the organization in order to quantify their exposure to the GDPR. Invariably, an organization will discover that it has more data than it thought, and in places it was not expecting. Additionally, knowing where personal data resides will also prove useful during data subject access requests, for example where a data subject is looking to have their personal data rectified or erased.

Data Loss Prevention (DLP) is an excellent technical measure to help organizations inventory personal data. DLP solutions are able to detect many types of data, including personal data, in many different formats (structured and unstructured). They can also determine file ownership, access rights and the age of data files. To be effective, a DLP solution must be able to look for personal data across the organization: on laptops, local file shares, mailboxes and databases, as well as network and cloud storage.

Map, manage and control the flow of personal data

Once it understands where its data is and who has access to it, an organization will look to create policies around the lawful processing of data. Employees need to interact with personal data as part of their normal working duties. Data flows across organizations in many ways: employees move files from a network share to a laptop drive in order to work remotely, email data to a supplier, copy and paste data between applications, or upload data to cloud file sync and share services.

DLP solutions know how to recognise personal data; therefore, they can be configured to perform particular actions or to instruct other IT systems to perform actions on their behalf. DLP solutions must be in the flow of personal data to take this action, and are most effective when deployed on the endpoint, the network and in the cloud. Understanding data flows to third parties is a critical part of preparing for the GDPR. When combined with technologies like Cloud Access Security Brokers (CASB), web and email security gateways or encryption solutions, DLP solutions can apply policies to allow the flow of data in a safe and measured way. One way they do this is by applying encryption as an employee copies files to USB. In addition, they can educate employees on the safe processing of personal data by using “pop-up” messages, providing feedback and asking for justifications for particular actions. DLP solutions can also instruct systems to block or quarantine the transfer of personal data to high-risk locations, or move data when it is found in the wrong location.

Figure: a common security framework used to map key GDPR and related information security activities to the underlying technologies detailed in this overview paper.
  • 17. What technical measures assist in the response process to a data breach?

Detection: Security analytics tools like User & Entity Behaviour Analytics (UEBA) can assist with the detection of an incident. UEBA ingests thousands of security incidents or events and applies analytic algorithms to look for patterns of behaviour that are leading indicators of data risk. This approach is compelling compared to the manual alternative of assigning individual operators the task of scanning through huge volumes of alerts, an approach which puts a huge burden on already over-stretched security operations teams. Additionally, DLP solutions such as Forcepoint DLP use pre-defined policies to detect indicators of risk (e.g., data movement out of hours, employee-encrypted files being transmitted across networks, or personal data contained in images such as screenshots).

Response: In assisting with the response process, DLP solutions can provide valuable forensics around data incidents. In addition, User Activity Monitoring (UAM) technologies are very effective at supporting the response process. These technologies are designed to monitor specific observables of privileged users as they access personal data. Some of these systems can take a series of screenshots of an employee’s desktop during specific events and, more importantly, as data processors access personal data. In the event of a breach or data incident, investigators are then able to access this deep level of forensics to assist in the investigation. Getting to the truth as quickly as possible is critical, not only to protect the individual but also the organization, and of course in order to meet the strict timescales defined in the GDPR.

Recover: Once the investigation is completed and the intent behind the breach is clarified, remediation actions become more accurate. Whether it’s fixing a broken business process, raising awareness with processors, repairing an infected machine or updating data protection policies, technical measures can be used to further test and enforce these new outcomes.

FORCEPOINT SOLUTIONS

Forcepoint provides solutions that play an essential role in each of the discussed GDPR-related use cases and the 5 pillars of the security framework, as seen in the table below.

There are more detailed documents available to help you understand:
• why organizations should inventory personal data, to scope initial compliance efforts, to understand “sensitive data drift”, or as part of the day-to-day tasks when responding to Data Subject Access Requests;
• why organizations must ensure they understand data flows, and how DLP technology can assist them to manage and control personal data flows as part of meeting GDPR requirements; or
• which technologies can assist organizations to respond to data breaches in a timely manner.

GET YOUR COPIES BY CONTACTING US AT FORCEPOINT@REAL-SEC.COM
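The DLP behaviour described in the two sections above (recognising personal data in a moving file, encrypting on copy to USB, blocking transfers to high-risk locations, asking for a justification, and flagging out-of-hours movement and employee-encrypted files) worked through as a small policy engine. This is an added example, not Forcepoint's code: the event fields, channel names, detection patterns and sample events are constructed assumptions, and OCR of screenshots is not modelled.

```python
"""Constructed DLP policy engine over file-movement events (added example).
Models the article's indicators: personal data found in content, channel-aware
actions (encrypt on USB copy, block to high-risk locations, justification pop-up
on e-mail) and the "out of hours" and "employee-encrypted file" risk indicators.
Screenshot OCR is not modelled; all patterns, channels and events are constructed.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

# Content detectors (constructed). Real DLP ships many more, plus fingerprinting.
PERSONAL_DATA_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
    "national_id": re.compile(r"\b[A-Z]{2}\d{8}\b"),  # placeholder, not a real format
}
HIGH_RISK_CHANNELS = {"personal_cloud", "webmail"}
ENCRYPTED_SUFFIXES = (".gpg", ".pgp", ".7z")
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 local time, Monday to Friday

@dataclass
class Event:
    ts: datetime
    user: str
    channel: str               # network_share | usb | email | personal_cloud | webmail
    filename: str
    content: str               # text extracted from the file (constructed)
    user_encrypted: bool = False   # employee encrypted the file before moving it
    justification: str = ""        # answer given to the DLP "pop-up", if any

@dataclass
class Decision:
    action: str                # allow | encrypt | educate | block | alert
    findings: dict = field(default_factory=dict)
    indicators: list = field(default_factory=list)

def find_personal_data(text):
    """Return {category: match count} for every detector that fires."""
    hits = {}
    for name, pattern in PERSONAL_DATA_PATTERNS.items():
        count = len(pattern.findall(text))
        if count:
            hits[name] = count
    return hits

def risk_indicators(event):
    """Behavioural indicators the article names as leading indicators of data risk."""
    indicators = []
    if event.ts.hour not in BUSINESS_HOURS or event.ts.weekday() >= 5:
        indicators.append("out_of_hours")
    if event.user_encrypted or event.filename.lower().endswith(ENCRYPTED_SUFFIXES):
        indicators.append("employee_encrypted")  # content cannot be inspected
    return indicators

def evaluate(event):
    """Map a movement of personal data to the DLP action for its channel."""
    findings = find_personal_data(event.content)
    indicators = risk_indicators(event)
    # An employee-encrypted file is opaque: treat it as personal data until proven otherwise.
    sensitive = bool(findings) or "employee_encrypted" in indicators
    if not sensitive:
        return Decision("allow", findings, indicators)
    if event.channel in HIGH_RISK_CHANNELS:
        return Decision("block", findings, indicators)
    if event.channel == "usb":
        return Decision("encrypt", findings, indicators)  # encrypt as the file is copied
    if event.channel == "email" and not event.justification:
        return Decision("educate", findings, indicators)  # pop-up asks for a justification
    if indicators:
        return Decision("alert", findings, indicators)    # allowed, but raise an incident
    return Decision("allow", findings, indicators)

# Constructed sample events; 2018-03-06 is a Tuesday.
SAMPLE_EVENTS = [
    Event(datetime(2018, 3, 6, 10, 15), "alice", "network_share", "customers.csv",
          "name,email\nJan Novak,jan.novak@example.com\n"),
    Event(datetime(2018, 3, 6, 11, 0), "alice", "usb", "customers.csv",
          "name,email\nJan Novak,jan.novak@example.com\n"),
    Event(datetime(2018, 3, 6, 11, 30), "bob", "personal_cloud", "payroll.xlsx",
          "IBAN SI56 1910 0000 0123 438\n"),
    Event(datetime(2018, 3, 6, 14, 5), "carol", "email", "contract.docx",
          "Signed by AB12345678 on behalf of the customer"),
    Event(datetime(2018, 3, 6, 14, 20), "carol", "email", "contract.docx",
          "Signed by AB12345678 on behalf of the customer",
          justification="contract to external counsel, ticket 4711"),
    Event(datetime(2018, 3, 7, 2, 40), "dave", "network_share", "export.csv",
          "id,email\n1,x@example.org\n"),
    Event(datetime(2018, 3, 7, 9, 0), "erin", "network_share", "archive.gpg", "",
          user_encrypted=True),
    Event(datetime(2018, 3, 7, 9, 30), "frank", "email", "agenda.txt",
          "Team meeting on Monday at 9am"),
]

def run_sample():
    """Evaluate the constructed events and return the action taken for each."""
    return [evaluate(e).action for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, action in zip(SAMPLE_EVENTS, run_sample()):
        print(f"{event.ts:%Y-%m-%d %H:%M} {event.user:6} {event.channel:14} -> {action}")
```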
  • 18. INTERVIEW

REAL INTERVIEW

Security is certainly a moving target. Cyberthreats and the perpetrators behind them are constantly evolving. Modern security practices and technologies must continuously evolve as well to keep pace. Neustar’s Senior Vice President, Senior Technologist, and Fellow Rodney Joffe, who has also served on the Federal Communications Commission’s Communications, Security, Reliability and Interoperability Council, believes the best approach is smarter and simpler.

Every time there are advances in cybersecurity, it seems the bad guys are one step ahead. In this intricately connected world, can we ever truly get ahead of the threat of cyberattacks?

No; next question. Actually, the thing you have to understand is we have constraints built in that the bad guys don’t have, and that’s their edge. I believe we have the talent, we have the technology, we have the reach, but we also have a moral compass that in most cases restricts us. We have to find ways to compensate for the agility of the bad guys. We’re never going to get ahead of the threat. We have to adjust the way we look at things.

Is it a question of better security technologies, better security practices, more investment in security, increased awareness; or some combination thereof?

It’s all of the above, but I’d say better security practices are probably more important. We can improve what we do. We don’t need more investment in security, but smarter investment in security. Sometimes the most expensive solution is not the right solution. The more you pay, things tend to get more complicated. And those complications add vulnerability. You have to be smarter in what you do. Sometimes the simplest things make the most difference.

What do you think is the key to creating the most efficient security posture?

You need to understand, “Where is the greatest risk?” What is the part of my business that—if it was compromised—would cause the most damage to the company? Think of a chemical company: the most important thing is a small group of scientists who create the intellectual property. You want to identify those people who would cause the most damage if they left or if something happened to them. [Protecting them] could be as simple as not putting their names on the company roster.

Do you think we collectively have access to the data and intelligence we need to maintain an effective security posture, but have not yet determined how to properly mine or analyze that data?

Yes, the data is absolutely there. If you work through it systematically, you have a really good chance of understanding where your risk is and how to improve [your risk posture]. The bad guys are continuously evolving though, so we may have that data today, but you have to have a process to change. How do we keep track of that [new data], then add it to the risk analysis?

What sort of enhanced security technologies and practices are you working on now?

For us, the major push is around OneID. It’s really about understanding every piece of your infrastructure; that means people, places, and things. We’re working on capabilities and technologies to be able to authenticate every piece—the people to whom they connect and the things to which they connect.

How do you see technology evolving to better protect organizations against cyberattacks?

We’re going to see the next generation of the Internet that is no longer the public Wild West. It’s going to be a much more localized infrastructure. You’re going to add access for other organizations as you need them and trust them. You won’t have this global, “I can do anything from anywhere.” That model is not going to work going forward. One other area we have to deal with is that once we identify the bad people, we have to have a mechanism for punishing them or discouraging them from continuing to do what they do. In almost every case there’s a financial calculation. We have to make it more expensive to get to you than the value of what they’re going to steal.
  • 20. SIMPLIFYING GDPR COMPLIANCE WITH MICROFOCUS

Complying with new and multifaceted regulations can be a challenge for your business. At MICROFOCUS, we break down all aspects of GDPR into modules. Read through and pick and choose the solutions you need to cover your business, all provided with our quality and expertise as standard.

Accelerating growth… securely

The new EU General Data Protection Regulation (GDPR) is currently the world’s most important regulation involving individuals’ information, because data is the currency of successful business. GDPR sets the foundation for how multinational organizations protect, and derive value from, sensitive customer information. MICROFOCUS delivers a flexible, modular, intelligent set of solutions to help customers identify and take action on customer data in accordance with GDPR. Armed with deep insight into customer data, organizations can streamline and drive cost efficiencies into the process of protecting, leveraging, and taking action on this information. All with the peace of mind that compliance and security are taken care of with expert solutions.

“We should not see privacy and data protection as holding back economic activities. They are, in fact, an essential competitive advantage.”
EU’S VICE PRESIDENT OF THE DIGITAL SINGLE MARKET, ANDRUS ANSIP

REAL OPINION
DANIEL BEDNJICKI, PROJECT MANAGER, REAL SECURITY

Most of you have already heard that the Hewlett Packard Enterprise Software group was acquired by MICROFOCUS, and with this transaction (acquisition) MICROFOCUS became the 7th largest software company in the world, with a market cap of more than 12 billion USD. MICROFOCUS, with 40 years on the market, and Hewlett Packard Enterprise Software, with 30 years on the market, are probably the best combination to provide businesses with all the right solutions.

MICROFOCUS, with its portfolio of software solutions like Novell (already forgotten by some of us), Borland, SUSE Linux, NetIQ and many more, and the Hewlett Packard Enterprise Software group with ArcSight, Fortify, Voltage, Vertica, Atalla, Data Protector, network management and monitoring (NNMi, SiteScope), ControlPoint, SDM, Content Manager, Storage Optimizer and again many more, can fit literally into every environment we can imagine, from large enterprises down to small and medium businesses.

What can we expect in the future? Definitely a strong push with the already proven Hewlett Packard Enterprise Software security solutions, especially with the enforcement of GDPR in May 2018, and with that also combining these solutions with the Microfocus solutions for mobility and collaboration, high availability and disaster recovery. Hybrid IT will be the buzzword and MICROFOCUS is uniquely positioned to solve customers’ needs across all of Hybrid IT, from mainframe to traditional IT to public cloud, helping bridge the old and the new.

MICROFOCUS MISSION
“We provide our customers with a best-in-class portfolio of enterprise-grade scalable software with analytics built in. We put customers at the center of our innovation and build high quality products that our customers can rely on and our teams can be proud of.”
  • 21. REAL INSIGHT

• Personal Data Assessment
• Build a common operating model to deal with a privacy or cyber breach
• Create and test a robust cyber resilience plan
• Protect Personally Identifiable Information
• Protect data in use, in transit and at rest to ensure that when a breach occurs the information remains confidential
• Enable the Right to be Forgotten
• Take control of data throughout its lifecycle
• Notify breaches within 72 hours
• Identify and contain breaches and enable a comprehensive response to threats
• Harden applications to identify and address vulnerabilities
  • 22. REAL INSIGHT

Ensuring ‘privacy by design’

Rethink the way PII is handled

Regulatory and legislative needs are diverse and complex, and an interpretive challenge for any company, let alone an individual. Operate across borders and that complexity increases exponentially. Throw into the mix tighter mandates and fines based on global turnover, and the need to prove compliance becomes critical.

Here at HPE, our Enterprise Services Security consultants collaborate to strategically align your policy, technologies, people and processes. They bring knowledge honed in the most complex regulatory environments, embodied in a unique Cyber Reference Architecture. Our Managed Security Services (MSS) and data protection solutions lessen the burden, meaning your business is ready to comply and thrive in the digital era. With MSS, security becomes a business enabler.
  • 23. Partner for the Adriatic Region
  • 24. REAL INSIGHT

What is a Hardware Security Module?

A Hardware Security Module (HSM) is a physical computing device that generates, stores and manages cryptographic keys safely. HSMs provide crypto processing and are the basis for encryption and decryption, strong authentication and signing operations. Cryptographic applications are essential for securing data transactions.

Know Where Your Keys Are

At the heart of hardware-based security solutions is the ability to create, store and safekeep cryptographic keys. Securing critical infrastructures and digital assets are the two most popular applications at the core of our Hardware Security Modules. Compared to software solutions, Hardware Security Modules offer unprecedented security, even in the most hostile environments. The physical layer of HSM defence undergoes a very rigid certification process according to internationally drafted attack scenarios, to prove that the HSM secures effectively against all of those industry methods.

Utimaco HSMs ensure the security of cryptographic key material for servers and applications. They include integration software that supports the industry-standard PKCS#11, Microsoft CSP/CNG/SQLEKM and JCE interfaces. They can therefore be used for numerous applications, including public key infrastructures (PKIs) and database encryption.

Utimaco HSMs offer:
• Highly optimized, state-of-the-art cryptography
• True random number generation
• Tamper protection
• Countermeasures to all known side channel attacks
• Self-destruction in the case of an attack
• A secure operating system environment
• Customization, scalability and flexibility
• Authenticated administrative access

Free Utimaco HSM Simulator for Evaluation and Integration Testing

You can easily test the Utimaco HSM for yourself. The fully functional HSM simulator is publicly available for a more hands-on experience. The quality of Utimaco products will speak for itself. The simulator package comes with a 100% functional runtime, including all administration and configuration tools. Utimaco also includes a comprehensive library of integration and how-to guides.

Utimaco HSM – The Root of Trust
  • 28. GDPR COMPLIANCE AND CYBONET’S CYBOWALL

SOLUTION FEATURES

Cybonet solution presentation (Dani)
  • 31. REAL INTERVIEW
ANDREW AVANESSIAN, COO, AVECTO

What are the security challenges you see with global organizations?

Time and time again, I find that organizations are still falling down with the basics and skipping to the latest “next generation” technologies, without taking the time to secure the endpoint. I speak to many IT professionals who simply don’t understand the day-to-day work behaviors of their staff. When asked to “secure the endpoint” by their management, there are many misconceptions about the effectiveness which naturally arise. Reactive technologies based on detection are perceived to be easier to roll out, but cannot be relied on in isolation. 55% of IT professionals don’t have visibility over their endpoints* and therefore try to avoid implementing technology that touches the end user. There have been many security breaches and attacks this year, such as WannaCry and NotPetya, which could have been prevented by having basic security measures in place.

What are the best practices to achieve secure and compliant endpoints?

We advocate following the advice of GCHQ, NSA, the Council on Cyber Security, Government of Canada, Australian Department of Defense and others when it comes to the most effective security measures. These organizations all cite that the most effective security controls are application whitelisting, application patching, operating system patching and removal of local admin rights. In fact, the Australian Skills Directorate tested and analysed real attacks and found that the combination of those four strategies mitigates 85% of cyber-attacks. The 2016 Microsoft Vulnerabilities Report found that removing admin rights alone would mitigate 94% of Critical vulnerabilities reported by Microsoft. Avecto specializes in privilege management and application control, which enable organizations to achieve compliance with mandates such as NIST, DFARS, PCI DSS, ISO27001, GDPR and more. Plus, ensuring that all employees have just the right level of access to perform their job functions creates a highly secure environment without hindering user productivity.

What are the common business drivers for privilege management and app control?

In many scenarios, IT and security leaders are looking to achieve compliance: many compliance mandates recommend the removal of excess privileges and application whitelisting as best practice strategies. Secondly, they’re looking to prevent attacks: removing admin rights mitigates external attacks that leverage elevated privileges, like malware and ransomware. Admin rights removal helps to curb insider threats as well, whether accidental or deliberate. Finally, organizations are always striving to operate efficiently: managing an environment full of standard users is burdensome on end users and IT staff. However, granular rights elevation at the application level gives end users the safety of standard accounts with the flexibility of admin accounts, while greatly reducing calls to the help desk.

Andrew has been a fundamental part of the Avecto story since its inception in 2008. As one of the company’s first employees, he established its pre- and post-sales services, as well as its support and IT teams. Andrew built and developed these functions from the ground up, using his experiences of global implementations across millions of endpoints to transform them into world class offerings. Now responsible for Avecto’s end-to-end customer journey, Andrew’s role as COO sees him combine his technical and commercial skills to lead the global consultancy division of pre-sales, post-sales and training, as well as customer success, support and IT. Andrew is an avid public speaker and regularly provides security advice to some of the world’s biggest brands. In 2016, he published his first book, The Endpoint Security Paradox, focused on the challenges of balancing security and usability.
  • 32. Why are organizations failing to get these basic security principles in place?

I know from my experience of deploying privilege management in global organizations that people think it’s going to be hard. Every organization is facing an endpoint security balancing act. On the one hand employees, and their endpoints, need to be secure. But on the other hand, many employees demand a free and flexible operating environment. The paradox that exists between these two polar opposites is what organizations most struggle with, and this is why projects get delayed or avoided. IT and security professionals hear “removal of admin rights” and “whitelisting” and believe it’s going to be too difficult.

What can be done to make the process easier?

We know that organizations need to find the right balance between user freedom and security lock down. So many times, I have seen security become an afterthought, rather than being an integral part of a design from the outset. Balancing the user experience with security requirements is critical to ensure that the security solution does not impact the end user’s ability to do their job. These balancing acts come down to planning. Lean on the experts and make sure that user role requirements, workstyles, exception handling and communication are all covered. We’ve also used years of experience in rules configuration to develop a Quick Start policy, an “out of the box” configuration that provides the fastest time-to-benefit. Deployment can happen in a matter of hours rather than months. This approach is revolutionary because it significantly moves your organization up the security scale overnight. There is also a perception that whitelisting is difficult and arduous. This was historically the case when thousands of rules were created to cater for every individual application in the business. With Defendpoint, privilege management makes whitelisting simple. Most organizations cover the majority of use cases with just a handful of pragmatic rules, with intelligent exception handling to cover the rest. It’s this simpler and smarter approach to security on the endpoint that will ensure project success from one hundred to 100,000+ endpoints.

Can you tell us a bit more about Avecto’s software?

Avecto combines best-in-class privilege management and application control, making admin rights removal simple and scalable across desktops and servers. Defendpoint is the first stop in a best practice strategy and offers the best time-to-value on the market, with a frictionless user experience and unmatched features and functionality. We have deployed our software across 8 million global endpoints and have experience in multiple implementations covering small to large enterprises in every industry. It’s this level of expertise that has allowed us to revolutionize the approach to privilege management on the endpoint.

What further reading would you suggest?

The Microsoft Vulnerabilities report is critical reading for anyone who wants to understand the business case for admin rights removal in the enterprise. This analysis looks at the different types of vulnerabilities mitigated by removing privileges. Download your copy at avecto.com/realsecurity.
  • 33. MICRO FOCUS ARCSIGHT: PAST, PRESENT AND FUTURE
REAL INSIGHT
ROBERT LUBEJ, R&D DIRECTOR, REAL SECURITY

Soon it will be a decade since we got to know ArcSight solutions. Back then it was an independent entity. Later they joined forces with HP and, when HP restructured, became part of HPE, more specifically HPE’s Enterprise Software division. Recently HPE merged its Enterprise Software division with Micro Focus, one of the world’s largest pure-play enterprise software companies. So now, as we are talking about Micro Focus ArcSight, let us recap the basics of this platform and its future.

ArcSight Data Platform, introduced a couple of years ago, remains the basis of the platform. Its architecture is shown in more detail in the second picture. This means the central data input into the platform is still the fabled ArcSight SmartConnectors, ArcSight Logger remains the long-term storage solution, and ArcSight ESM, in full-scale and Express versions, is the correlating SIEM and flagship product, at least for now. Take a look at the following scheme of the ArcSight architecture, and then we will tell you something about the latest solutions in this platform.

ArcSight Product Portfolio Overview

ArcSight ADP

ArcSight ADP is an open and scalable solution to collect, normalize, and enrich data for compliance, regulations, security, IT operations, and log analytics. This is why ADP lays the foundation of intelligent security operations to expand the visibility of data and provide the flexibility to consume data in any application. ADP is architected to provide the breadth, depth, and speed of Big Data collection that organizations demand to improve their security posture. The platform consists of log management, data connectors and a management console. It collects machine data in real time from a broad range of sources. The solution provides searching, monitoring and analyzing capabilities to detect security threats fast. It is composed of 4 components: SmartConnectors, Event Broker, ArcSight Logger, and ArcSight Management Console, also known as ArcMC. Event Broker is the latest addition.

ArcSight Event Broker

ADP is powered by a Kafka-based Event Broker. This capitalizes on investment by utilizing captured data over multiple use cases. The Kafka-based Event Broker provides a distributed publish-subscribe messaging system that is fast, scalable and durable, with a message bus for the scalable distribution of data between multiple destinations. While Kafka handles hundreds of megabytes per second and thousands of clients, basically distributing data at scale within a clustered and HA environment, the EB distributes data between multiple destinations. Event Broker is not a mandatory part of an ArcSight ADP deployment, and neither is ArcMC. Rather, it is meant for larger environments with a need for optimized distribution of a large number of events to multiple consumers. In our case Event Broker receives events from a larger number of SmartConnectors and then distributes them to a larger number of destinations such as multiple Loggers, ESMs, analytical tools, databases and other destinations.
  • 34. ArcSight Marketplace

Marketplace is a Web-based portal that provides comprehensive and timely content to SOCs. It enables users to share or download security packages, trusted use cases, and best practices to help manage security faster and more easily. For instance, a while ago, when a customer deployed ESM, all content was already installed on it. This could present a problem, as an administrator could burden the solution with unneeded use cases. Nowadays content is based on Activate packages: a modular content development framework designed to quickly deploy or develop actionable use cases. The framework unifies the development methodology, allowing the creation of portable content packages. Activate packages can be downloaded from Marketplace to ESM as needed, as use cases are developed. Marketplace is also a place to search for other content, developed in house, by third parties or even by customers.

ARCSIGHT MARKETPLACE
• A centralized location for finding trusted security packages
• Enhances ArcSight capabilities through new use cases
• Is a dedicated learning center to understand best practices
• Has the latest updates from ArcSight products, support, and services
• Enables users to become security champions and understand ArcSight more deeply

ArcSight DNS Malware Analytics (DMA)

ArcSight DMA is part of ArcSight Analytics, a family of tools that complements the ArcSight SIEM offering with next-gen analytical capabilities. But they can also work independently of ArcSight SIEM and ADP, meaning they are standalone tools that can gather data and perform analytics on events from multiple sources, be that ArcSight SmartConnectors in an ArcSight ADP environment, or directly from other operating system and network event sources, and even from non-ArcSight SIEM solutions. ArcSight analytics solutions enable enterprises to detect advanced cyber-attacks in real time, giving security teams the insights needed to investigate and remediate threats quickly. Working symbiotically with SIEM technology, our solutions analyze and correlate every event across your IT environment, prioritize the highest risks, and display the resulting data in a customizable dashboard.

DMA is a security analytics solution which detects malware-infected hosts and endpoints rapidly with high fidelity. A patent-pending, unique data analytics approach analyzes DNS traffic to identify “bad” traffic among hosts and IPs in real time to detect breaches before damage occurs. Designed in partnership with HP Labs, DMA equips users with an automated system for host breach detection, allowing enterprises to address unknown threats quickly, especially those that are the biggest source of risk to enterprise applications, systems, and data. With DMA, users can detect threats without overloading SIEM systems with an overwhelming number of DNS logs. DMA identifies infected devices with high fidelity, positively discovering threats on systems, desktop, and mobile devices so they can rapidly be contained. This helps to find the “bad guys” faster by calling out the malware and reducing the impact of breaches by identifying these threats before they gain a foothold inside your network. With look-back capability, the sources and spread of malware infections can be identified to reveal threat intent.

ArcSight User Behavior Analytics (UBA)

UBA is a user and entity behavior based anomaly detection tool. UBA detects unknown threats through data by creating baselines of normal user behavior and appropriate associations, so user and peer anomalies can be identified in real time. Because anomalous behavior can be a clear indicator of a threat, the security analyst can quickly determine whether a user poses an insider threat or the account may have been compromised. UBA can help organizations identify high-risk data exfiltration, misuse of privileged and service accounts, and detection of advanced persistent threats. When integrated with ArcSight SIEM, UBA leverages the same security data collection infrastructure (ArcSight Data Platform), operational teams, and incident response processes already in place to enable detection of advanced user-based threats. This, in turn, drives investigation efficiency and operational savings.

HP UBA connects directly to the identity and HR repositories as well as customized, non-traditional identity information from flat files or exports, aggregating all identity information under a single user. HP UBA can also ingest event information from third party SIEM infrastructure and custom applications. Thus it can be used in environments with or without other ArcSight products. UBA is integrated into the SOC workflow, feeding user-centric violations (both behavior based and policy based) to analysts or into ArcSight ESM for further refinement.

ArcSight Analytics

Have you ever seen top-notch computer analysts in TV shows and movies, like Bourne Identity or The Blacklist? They are wizards! They can solve analytical problems of any type and know everything about any technology, from how a microwave works, to all of the details of airplane communication systems, satellites, car hacks, cell phones, building architecture, power grids etc. Well, they don’t, but they seem to find everything they are looking for in mere minutes, just by using a keyboard, not even a mouse. They just type in a few words, perform queries with lightning speed, and data starts to show: tables full of statistical information, charts and plans are drawn. Well, with ArcSight Investigate you can become a wizard like that; this is that kind of a tool!
ArcSight Investigate is a next-generation hunt and investigation solution built on a new advanced analytics platform to serve the evolving needs of security teams. It helps hunt and defeat unknown threats by processing large volumes of data almost instantly. Security analysts get an intuitive solution for investigating higher-priority threats quickly and accurately, and with the ability to leverage data lakes, ArcSight Investigate provides insights from Big Data to drive real value.

Investigate takes advantage of HPE Vertica, a high-performance analytics platform, bringing unprecedented analytical power to the investigative process. HPE Vertica’s columnar database responds to queries much faster than traditional row-oriented databases and handles analytics at exabyte scale. By embedding this technology, ArcSight Investigate can execute searches up to 10x faster than other investigation tools, returning results in seconds even for months or years of data. The ability to ask questions at scale lets security analysts explore data without limiting the time span or result size of their searches.

• Execute searches 10x faster using the power of Vertica
• Multi-threaded architecture can process multiple searches instantly
• Provides powerful advanced analytics to uncover hidden insights
• Create queries without having to learn a specific query language and schema
• Filter, select, sort, compare and aggregate data in a familiar interface
• Create data visualizations and a customized dashboard with a few clicks
• Search and access a full range of data across Hadoop and ArcSight Investigate
• Take advantage of insights from Big Data to drive real value
• Access all your data all the time with efficient storage options

ArcSight Data Platform
REAL INSIGHT

Secure Mobile Workplace as a Competitive Advantage!?

Workplaces have already gone digital and mobile! Work has changed. Life has changed. Security has changed. Global digital transformation is driving fundamental change in almost every industry. We are moving from centralized to decentralized structures and to mobile workplaces: employees anywhere use their smartphones, tablets, laptops or PCs for improved customer service, sales, data access or transactions. The storage capacity of mobile devices has multiplied over the last years; today, users may store more data on their mobile phones than a data center held around the millennium. While everyone agrees on securing the data center, mobile workplace security appears to be still in its infancy.

New workplaces require new security concepts

Substantially changed IT structures, user behavior, mobility and client system capabilities require improved mobile authentication and secure communication. Since the 1960s and before, username and password have been the primary authentication option. Almost everything within IT has changed, yet authentication still often follows these ancient (insecure) rules. Recent biometric authentication concepts (fingerprint, eyes, face) do improve authentication for mass-market, consumer-level security requirements, but each uses its own proprietary technology, evolves fast, and may not be able to provide device-independent, cross-platform, certified security.

How to combine “consumer-like ease of use” with corporate-level security?

Every employee is a consumer and most consumers work for a company; the line between consumers and companies is blurred. Employees want simple, easy-to-use tools that integrate seamlessly into their “always on, always connected” daily work ecosystems. Making usernames and passwords longer or more complex does not work: people have dozens or hundreds of accounts, and no one can remember them all.

Password managers try to solve this problem. Not a bad idea, but it goes only half the way: a password manager helps manage an unlimited number of passwords, but it is itself protected only by another password, and everything, including the user’s decryption keys and certificates, is still stored on the device. There is no two-factor, device-independent, certified security, which is strongly recommended for corporate environments.

More flexibility through device-independent and certified “off-device” key storage

Mobile-device-independent, (EAL 5+) certified key and certificate storage has been available for many years as the secure element on industry-standard smartcards. In most organizations today, these smartcards are only used for two-factor authentication and encryption in non-mobile environments, i.e. for laptop, desktop and server authentication. Now new device connection technologies such as Bluetooth Low Energy let smartphones, tablets and laptops connect wirelessly to smartcards. This is a perfect combination of ease of use and corporate-level, device-independent, certified security. After a one-time initial setup, the user just enters a numeric PIN for authentication or encryption processing. The wireless smartcard can be used with multiple devices, e.g. a smartphone, a tablet and a laptop.

Wireless smartcards combine ease of use with corporate-level security

Wireless smartcards are available now through wireless smartcard readers, e.g. “AirID” (credit-card-sized cards) or “ONEKEY ID” (micro SIM), and they support all relevant operating system platforms: iOS/Apple, Android, Windows, macOS and Linux. While Windows has built-in smartcard support, other operating systems require either third-party software or some integration work. This applies to practically any secure authentication or encryption solution.

Wireless smartcards secure Bring Your Own Device (BYOD) for most organizations

As smartphone technology develops faster and faster, employees are desperate to get the newest models instantly, such as the iPhone X, iPhone 8, Samsung Note 8 and other top-level devices. To escape the accelerating cost of new mobile devices and to satisfy employees’ requests, many organizations consider allowing employees to bring their own devices for corporate use. While this reduces cost and device administration, BYOD forces corporate data and confidential user credentials and keys to be stored on a user-owned device, which is not the property of the organization. Off-device key storage on wireless smartcards kills several birds with one stone. First, storing user credentials and keys on a company-owned wireless smartcard ensures that confidential credentials and keys are only ever stored on a company-owned device. Second, wireless smartcards enable easy-to-use two-factor authentication for mobile devices of any kind and platform. Third, wireless smartcards make a corporation independent of the fast-evolving proprietary security design of each operating system platform.

Mobile security concepts should include the most typical communication: mail, chat, voice!

Mobile security is not only two-factor authentication, a mobile device or application management system (MDM/MAM) and maybe a VPN client. Mobile security needs more. Most confidential data and information is sent, received and stored on the device by mail, chat and voice communication, so a holistic mobile workplace security concept should include secure mail, chat and voice communication. Some MDM vendors provide a mail client as part of their offering, but unfortunately most of them do not support smartcards as “off-device key storage”, and secure voice and chat applications are typically never included in MDM solutions. Flexible options, independent of MDMs, are third-party apps, e.g. “ONEKEY MAIL” for secure, encrypted (S/MIME and PGP) mail storage and “cgPhone” for end-to-end encrypted voice and chat communication. Both support wireless smartcards, enabling a fully protected, encrypted and secure mobile client workplace.

Secure mobile workplaces are becoming a major competitive advantage

Many companies struggle to attract new, high-potential employees. Attracting highly skilled staff has become a major success factor in an increasingly digitized world. Employees require more flexibility, increased mobility, better tools, and to be “always on” and “always accessible” when required. The new options, wireless smartcards connected to mobile devices in combination with independent mobile secure mail, chat and voice apps, transform today’s mobile security challenge into a winning combination of consumer-level ease of use with corporate-level, device-independent and certified security.

Written by Jan C. Wendenburg, CEO of Certgate GmbH
REAL ANALYSIS

Micro Focus solution presentation: “ADM solutions: Privredna Banka Zagreb implements new mobile application strategy”
REAL INSIGHT

SMBs Are Hot Targets for DDoS Attacks: Why Size Doesn’t Matter

Nicolai Bezsonoff, General Manager, Security Solutions, Neustar

Companies both large and small are targets. Never think “I’m not big enough for a hacker’s attention.”

Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking “hackers only use DDoS on the big boys” or “I’m not big enough for them to care.” But these disruptive attacks are getting worse, and they’re moving downstream. Today, they affect everyone from the largest organizations to smaller companies that are being hit either directly or as a by-product of one of their service providers being attacked.

In a sampling of customers, Neustar found in a recent study that 78% of organizations that generate $50 million to $99 million per year had experienced a DDoS attack at least once in the last 12 months, and of those organizations attacked, 86% were hit more than once. Small and midsize companies are tempting targets because they are often less well armed with heavy tech investments, services and staff.

Companies also often overestimate the “protection” offered by ISPs and cloud service providers such as Amazon Web Services. These organizations can only provide so much protection: their priority is protecting their backbone and availability services for all customers, not protecting any specific entity. When DDoS attacks become too large and create collateral impact, all traffic to the targeted host starts getting blocked or “blackholed”, which effectively takes those businesses offline. To add insult to injury, if you rely on an ISP or cloud service provider, it will often not only bring down your site but also charge you for the traffic overages that happened during a DDoS attack.

Additionally, attackers perform reconnaissance on targeted infrastructures, and it is easy to identify the Domain Name Server (DNS) service providers for online sites. For financial reasons and because they have the technical acumen, many growing businesses opt to run their own DNS service. This is not difficult and requires little maintenance. The downside is that DNS is an inherently vulnerable service because it needs to be exposed in order to work. When attackers scout targets, they understand that large DNS providers are highly redundant and highly resilient. In comparison, organizations managing their own service are far more likely to be susceptible to failure and collapse under the right cyber attack. This makes self-managed DNS organizations more tempting targets, not only because their DNS is easier to attack but also because self-managed DNS often lacks the resiliency and redundancy that make it more difficult to take down, and is also likely an indicator of additional (and vulnerable) self-managed security within an organization.

Because DDoS attacks have grown in severity and scale, small and midsize businesses should be vigilant to the fact that they are increasingly attractive targets. Although cloud and hosting providers can offer some level of protection, these businesses should remember that a hosting provider’s priority will always be to keep its backbone and basic services up, and individual site vulnerability will always come second. These organizations must educate themselves about the variety of DDoS protections available in the marketplace and determine which options can cost-effectively meet their needs. As large enterprises become more sophisticated in their DDoS defenses, small and midsize organizations will continue to become an increasingly attractive target for attackers. Start asking these questions and putting protections in place now, before your brand, reputation and bottom line take a hit from these attacks.

Neustar research data on almost 200 midsize businesses (organizations that generate $50 million to $90 million per year) found the following trends in SMB DDoS attacks over the last year:

• 78% of SMBs were attacked at least once in the last 12 months, with 86% of those attacked hit more than once and 34% of those attacked hit more than five times, indicating they had become tempting targets.
• 38% saw malware activated during DDoS attacks, demonstrating a vulnerability to phishing and coordinated assaults on SMBs by savvy attackers.
• 32% lost customer data records in concert with DDoS attacks, indicating a specific, targeted attack on a more vulnerable target. In many cases, a loss of data required a subsequent disclosure in line with industry regulations (PCI, HIPAA and other compliance).
• 20% of those attacked also experienced ransomware along with the DDoS attack, resulting in either further ransom payments that had to be made, or additional downtime or other actions required to re-establish services and access to data.
• 52% needed more than three hours to detect and determine that a DDoS was underway. Once detected, 43% needed more than three hours to respond to the attack, likely because of limited investment and resources and an overestimation of the protection offered by ISPs and cloud providers.

The top five questions that organizations should ask their DDoS protection providers

1. What layers of protection do you offer? Because no single protection is failsafe, the answer to this question will help an organization understand the methods and technologies being used to protect its site.
2. How variable is the cost of prevention? If I’m hit with a really big attack, will the mitigation costs spike to the point that I can’t afford them?
3. What is your average response time? Even the largest cloud providers often have surprisingly slow response times. Smaller organizations in particular should ensure that they won’t be put at the bottom of a priority list in the event of an attack, making their likely response times even longer.
4. What is the size of the network that’s protecting me? This will indicate how large an attack a provider can withstand.
5. Where are your DDoS mitigation facilities located globally? This helps organizations understand whether the DDoS mitigation capabilities comply with regulations that vary by country.

[Chart: Shifting Defensive Strategies. Percent of companies adopting multi-layered defensive strategies.]
Intuitive Simplicity from Network Critical

Bart Pellegrom, EMEA Sales Director

Remember the days when opening the box of a new piece of equipment led you to the “user guide” before the equipment was even unpacked? The user guide: that thick book with chapter upon chapter of warnings, diagrams, directions and commands. A little later, the CD replaced the user guide. Then came a piece of paper with a web address on it: your user guide could be found on the company website. All these formats were improvements on the previous technology. However, they were all just a different way of providing the same cumbersome, time-consuming warnings, diagrams, directions and commands. What if there is a better, faster and more accurate path to deployment than merely reformatting the directions? Network Critical, a new REAL security partner, has found a better way.

First, a little information about the company. Network Critical is a global innovator with an impressive string of disruptive firsts. They were the first company to develop network TAPs that can be permanently installed in networks, providing visibility to security and monitoring appliances without impacting network reliability and availability. Twenty years and 5,000 customers later, Network Critical is still impressing with TAPs and Packet Brokers that provide many new intelligent features.

TAPs were initially used as a tool for network diagnostics. When there was a problem, an engineer attached a TAP to the problematic link and connected a probe or sniffer to the TAP. This provided simple access to network data flows for traffic analysis. Network Critical, at the request of one of their largest customers, embarked on a program to develop a TAP that could be permanently attached to links. They solved power management and downtime risk by developing a flexible modular chassis with fail-safe technology that kept the network up even if the attached probe went down.

It is a small step from using safe and reliable TAPs for connecting monitoring equipment to using the same technology for security appliances. While permanent and consistent network monitoring is still essential for network management, network security is the prime focus of network managers. As hackers and criminals continue to attack networks in search of confidential customer information and financial bounty, the need for many specialty appliances to protect links has never been more acute. In a complex network with many links, it would be cost-prohibitive to connect numerous appliances for the various security specialties to every link. Further, each appliance that is directly connected to a link negatively impacts the reliability of the network and its availability to authorized users.

The solution is to use a TAP connected to the link and also attached to the appliances. The TAP then acts as a fuse between the production traffic on the link and the information flow to the appliance. The TAP connects to the live link, makes a mirror copy of the link traffic and forwards that copy to the appliance for processing, analysis and reporting. The appliance, in this instance, is not actually looking at the real traffic; it sees a copy of the live traffic. That way, if anything goes wrong with the appliance, the live network is not affected.

As network attacks continue to get more and more sophisticated, Network Critical introduced Packet Brokers to manage large numbers of links and appliances, providing just the right data to each appliance at the right time. Packet Brokers provide advanced features such as port mapping, filtering, aggregation and regeneration for larger networks. Limitations regarding speeds, feeds and the number of connected security appliances are solved by Packet Brokers.

The other major problem solved by Packet Brokers is CAPEX. In a large cloud provider network or a global corporate network, it is cost-prohibitive to deploy all the necessary specialized security and monitoring appliances on every link. Using filters can reduce the amount of bandwidth sent to each appliance. Once filtered, a single appliance is able to manage data aggregated from many links, using only the information it requires to perform its function.

Port mapping is the enabler for aggregation and filtering. When many links are attached to the Packet Broker, each link is assigned to a specific port. Mapping the data on network link ports (input) over to the appliance ports (output) allows easy movement of data between network ports and appliance ports. Complex networks require more complicated algorithms to get data to an appliance. In many cases, information may be filtered out of one network port before being sent to an appliance, only to be required by another appliance down the line. This is called hierarchical filtering. The math can get quite complicated, and mistakes can take down links.

Network Critical has solved this problem by developing Drag ’n Vu™, the fastest, simplest, most accurate deployment and management tool available. Integrated into its SmartNA TAPs and SmartNA-X™ Packet Brokers, Drag ’n Vu™ does the math for you and takes the guesswork, time and complexity out of deployment.

Getting back to the original theme, Network Critical TAPs and Packet Brokers do not have user guides, CDs or web sites that must be digested prior to plugging in the power. All the information you need to know is at your fingertips as you go through product set-up. Just drag and click as you go along. If you have questions, there is a “?” button at every step of the way to alert you to issues or offer suggestions. For those of us who hate user guides, in any format, Drag ’n Vu™ is a revolution. It is the network manager’s version of a self-driving car.

Drag ’n Vu™ has taken initial deployment, including port mapping and filtering input, down from hours to minutes. A simple port configuration can be accomplished in less than a minute. We all know that the only constant in networks is change. When you can take deployment, configuration, reconfiguration and other changes from hours to minutes, the cost of operations is dramatically reduced. So the product not only helps reduce CAPEX with intelligent features; the Drag ’n Vu™ innovation reduces OPEX as well.

Scalability is also an important part of managing change. The SmartNA-X™ fully modular chassis system makes changing configuration and adding links as simple as sliding a new module into a chassis slot. SmartNA-X can also combine TAP and Packet Broker functions in the same chassis. This makes it easy to start with only what you need at present and add modules for growth later. We call this future-proofing.

Packet Brokers are also proving helpful as new regulations such as GDPR are introduced to protect the rights of data subjects. Privacy rights of data subjects are coming to the forefront of regulatory activity. During the last few years, a number of very large, very public breaches have been reported affecting millions of citizens. Effective May 25, 2018, all companies in the European Union that control or process data will be required to comply with certain regulations. They include a cyber security plan and specific rights for the data subjects whose information the company controls. Network Critical has a compliance solution for that: a solution for helping protect the network from intrusion and data loss.

Many people think of network visibility as an afterthought once their data security appliances have been evaluated and chosen. The better plan is to look at TAPs and Packet Brokers as an integral part of the cyber security platform. It is well known that in order for network engineers to manage networks, they need visibility into the network traffic. How do companies protect confidential data when network managers are using probes and sniffers that can see everything passing through? The answer is the PacketPro™ module. It allows network managers to “slice” packets so that only the header and footer information is visible and the payload is eliminated. This also speeds up processing. However, what can be done when the traffic analysis requires visibility into the entire packet? PacketPro™ has the capability to anonymize the payload, protecting private information while providing accurate traffic data for analysis.

It pays to stay in touch with Network Critical. Their engineers are hard at work innovating and designing for tomorrow’s visibility as well as refining today’s products. Keep in touch, as we will shortly introduce our intuitive 100G solutions, which will lead the industry; as network speeds increase and network complexity grows, it is good to have products that keep deployment simple. No user guide needed.
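As an added example (this is not Network Critical’s code and says nothing about how PacketPro™ is implemented), here is the slicing and payload-anonymization idea in Python: it finds the header/payload boundary of an Ethernet/IPv4/TCP or UDP frame and either cuts the frame there or replaces the payload with a keyed HMAC pseudonym of the same length. The sample frame, the key and the protocol scope are all constructed assumptions.

```python
"""Packet slicing and payload anonymization for mirrored frames.

A TAP or packet broker hands copies of live traffic to monitoring probes.
To keep personal data out of those copies, either cut each frame down to
its protocol headers ("slicing") or replace the payload with a keyed
pseudonym so flows can still be matched without exposing their content.
Scope is limited to Ethernet II / IPv4 / TCP|UDP (an assumption of this example).
"""
import hashlib
import hmac
import struct

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17


def header_length(frame: bytes) -> int:
    """Return the offset where the L4 header ends and the payload begins.
    Raises ValueError for anything outside Ethernet/IPv4/TCP|UDP or for
    truncated headers, so malformed frames are never silently passed on."""
    if len(frame) < ETH_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are handled in this example")
    ip_off = ETH_LEN
    if len(frame) < ip_off + 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[ip_off] & 0x0F) * 4          # IHL is in 32-bit words
    if ihl < 20:
        raise ValueError("invalid IPv4 header length")
    proto = frame[ip_off + 9]
    l4_off = ip_off + ihl
    if proto == PROTO_TCP:
        if len(frame) < l4_off + 20:
            raise ValueError("truncated TCP header")
        data_off = (frame[l4_off + 12] >> 4) * 4  # data offset in 32-bit words
        if data_off < 20:
            raise ValueError("invalid TCP data offset")
        return l4_off + data_off
    if proto == PROTO_UDP:
        if len(frame) < l4_off + 8:
            raise ValueError("truncated UDP header")
        return l4_off + 8
    raise ValueError("unsupported transport protocol %d" % proto)


def slice_headers(frame: bytes) -> bytes:
    """Slicing: keep Ethernet + IP + L4 headers, drop the payload entirely."""
    return frame[:header_length(frame)]


def anonymize_payload(frame: bytes, key: bytes) -> bytes:
    """Keep the headers; replace the payload with an HMAC of the original
    payload repeated/truncated to the original length. Sizes and header
    fields stay intact, so flow statistics remain accurate and identical
    payloads map to the same pseudonym, but the content is not recoverable
    without the key. The L4 checksum is left as-is and will no longer verify."""
    cut = header_length(frame)
    payload = frame[cut:]
    if not payload:
        return frame
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    pseudonym = (tag * (len(payload) // len(tag) + 1))[: len(payload)]
    return frame[:cut] + pseudonym


def build_sample_frame(payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame around `payload` (sample data,
    not captured traffic). Checksums are zero, which is fine for parsing."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                     64, PROTO_TCP, 0, bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34]))
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed request carrying a fake personal identifier in the payload.
SAMPLE_PAYLOAD = b"GET /account?ssn=123-45-6789 HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_FRAME = build_sample_frame(SAMPLE_PAYLOAD)


if __name__ == "__main__":
    sliced = slice_headers(SAMPLE_FRAME)
    anon = anonymize_payload(SAMPLE_FRAME, b"constructed-demo-key")
    print("original %d bytes, sliced %d bytes, anonymized %d bytes"
          % (len(SAMPLE_FRAME), len(sliced), len(anon)))
    print("identifier visible in sliced copy:", b"ssn" in sliced)
    print("identifier visible in anonymized copy:", b"ssn" in anon)
```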
REAL INTERVIEW

WHO IS VERSASEC?

Interview with Jon Snow, Versasec CEO

Who is Versasec and what products do you offer?

Versasec is the leading global identity and access management provider, offering innovative high-security, cost-effective solutions for managing digital identities. Our solutions are state-of-the-art, affordable, easy to integrate and highly secure. Our flagship product, vSEC:CMS, makes it simple for enterprises of any size to deploy physical and virtual smart cards. It means our customers can securely authenticate, issue and manage user credentials more cost-effectively than with other solutions on the market. We pride ourselves on offering solutions that are easy to integrate, and backed up with first-class support, maintenance and training. We service our customers through partnerships with leading resellers around the world, and through our offices, including our headquarters in Sweden as well as our additional locations in New York, Redwood City, Dubai, the United Kingdom, France and Germany.

What are the latest trends in identity and access management technology?

Today’s employees need access to an abundance of data, and from more and more widespread locations. With increasing numbers of big data breaches linked directly to employee credentials being hacked, stolen or otherwise exploited, organizations simply must do a better job of protecting their customers’ data. The trends around IAM today center on ensuring that happens. The industry is moving much more toward virtual smart cards, making it easier and less costly for employees to access the data they need without having to carry a physical smart card. The move to multi-factor authentication – ending the days of password-only security – also has gained tremendous momentum in the wake of many well-publicized breaches. Companies also are dealing with a more mobile workforce that relies on a variety of apps to get their jobs done – each with different security requirements. The bottom line is that despite so many variables, companies must understand who is accessing their data from where and when, authenticate those users, and ensure they are accessing only what they need to get their jobs done.

How will the new European Union General Data Protection Regulation (GDPR) affect the IAM market in Europe?

The General Data Protection Regulation (GDPR) is all about protecting data, and that’s where IAM excels. The GDPR, which will be fully in force in May 2018, is intended to strengthen and unify data protection for all individuals within the European Union (EU), and even offers provisions that address the export of personal data outside the EU. In essence, the GDPR aims to return control to citizens and residents over their personal data while simplifying the regulatory environment for international business with unified data regulations within the EU. In all of this, IAM technologies are seen – and rightly so – as critical elements. Identity and access management technologies are essential in governing data more completely, in better regulating and monitoring access to data, in expanding control around data, and in ensuring compliance with regulations including the GDPR and beyond. IAM is crucial in mitigating risk – for companies, for customers – for everyone.

How will Versasec products help companies comply with the new GDPR regulations?

Versasec makes it far simpler to comply with the GDPR regulations because we make protecting data more thoroughly possible. The GDPR regulations task companies with authenticating users, authorizing those users with certain levels of permissions to access data, administering activities, and having audit capabilities for all of these areas. IAM solutions from Versasec provide all of those capabilities in an easy-to-deploy and easy-to-manage solution. With vSEC:CMS, organizations gain strong authentication, so the company knows the right people are accessing the data they need to get their jobs done and more, dramatically reducing the risks associated with data loss. vSEC:CMS makes it simple to review details that help companies know and assign permissions, and even end permissions and access as soon as an employee’s job ends.

What advice can you give small- and medium-sized businesses to better secure their organizations?

The best advice I have is also the simplest: protect your data with multi-factor authentication. Just recently, Juniper Research in the UK estimated criminal data breaches will cost businesses more than $8 trillion over the next five years. That’s frightening to businesses and consumers alike. But simply knowing who is accessing the data and when will go a long way to reducing this risk. The Juniper report, called “The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017-2022,” predicts that personal records stolen by cybercriminals will reach 2.8 billion in 2017 and almost double to 5 billion in 2020, despite new security technologies to thwart cyberattacks entering the market. So it behooves companies to do everything they can to mitigate those risks. By employing multi-factor authentication methods, your data is going to be far more secure.
  • 48. UNDERSTANDING POST-BREACH THREAT DETECTION IN THE DIGITAL ERA 46 The Verizon Data Breach report states that 83 percent of security breaches take organizations months or even longer to discover. Data breaches are not a one- off process but rather, an ongoing one. Therefore, an ideal threat detection solution delivers an integrated, multi-surfaced detection across the organization’s entire network, endpoints and devices, focusing on the entire attack cycle, and continuously cross- referencing events at every phase. Security vendors need to develop defense technologies at both the network perimeters, as well as inside the network for post-breach threat detection and protection. REAL INSIGHT Cyber security is quickly becoming the biggest concern for enterprises in Europe, causing enormous financial and political damages to corporations, institutions and government agencies across the region. While the businesses are moving towards a digital economy, they are also opening a whole new surface area for hackers to attack. The emergence of digital technologies such as cloud has enabled attackers to employ more sophisticated attack tactics such as exploiting zero day vulnerabilities, using modified malware, customizing threat tools to escape detection by traditional firewalls and even signature-based next-generation firewall (NGFW) at network perimeters. How data breaches happen Typically, the data breaches are executed by physically accessing a computer or network, or by bypassing network security remotely; the latter being the most popular technique for targeting big organizations. Many of the cyber-attacks that we witness today are not random, but are a result of methodical and carefully planned attack strategies. To execute such large-scale attacks, cybercriminals typically start by identifying the weakest link in the target organization’s security - its people, systems, or network. 
Once the attack point has been identified, the cybercriminal makes initial contact with the target through either a network or a social attack. Network attacks exploit loopholes in an organization's infrastructure, systems and applications to breach the network, using tools such as viruses, Trojans, spyware and rootkits. A social attack, on the other hand, involves tricking employees into giving access to the organization's network through tactics such as phishing and drive-by downloads. Once the cybercriminals have secured access to the company's network, they further lower its security by infecting endpoints and devices across the network. With the lowered defenses, attackers can extract as much data as possible from the network without getting caught. The extraction process can last from a day to weeks or months, depending on the magnitude of the attack.

Why we need threat detection

According to the 2016 Verizon Data Breach report, 83 percent of security breaches took organizations months or even longer to discover. While enterprises are bolstering their security, attackers are improving their attack methods just as quickly. With a rapidly evolving threat landscape, it is becoming even harder for businesses to identify new attack patterns and stop them in time. Threat detection comes to the rescue in such scenarios, enabling businesses not only to identify an intrusion after it has happened but also to mitigate the damage in time. Data breaches are not a one-off event but an ongoing process. Since most data exfiltration happens after the first line of defense, such as the network perimeter, has been lowered, employing threat detection technology inside the network can enhance an enterprise's security to a large extent.

Effectively detecting threats

An ideal threat detection solution will provide security analysts with integrated, multi-surface detection across the organization's entire network, endpoints and devices.
Rather than a single attack vector, the solution needs to focus on the whole attack cycle, also known as the "cyber kill chain", continuously cross-referencing events from every stage in the chain to give analysts a holistic view of network security. Some of the key characteristics of a robust threat detection solution are:

• Rich forensic analysis: By leveraging the forensic information attached to each attack, security analysts can determine the origin of the attack, its severity, and the methodology employed to execute it. This allows analysts to modify security policies to prevent similar intrusions in the future.
• Abnormal behavior detection: Through efficient behavior modelling, analysts can identify abnormal attack patterns as well as known malicious attacks in real time, enabling them to stop advanced threats quickly.
• Threat correlation analytics: By leveraging threat correlation analytics, analysts can trace the entire kill chain of a breach and identify the stage at which each risky host resides, revealing the extent of the damage and allowing mitigation measures to be taken accordingly.

ALEN SALAMUN, CTO, REAL SECURITY
REAL INSIGHT

Figure 1: Detected C&C activities. Figure 1 shows detected threat events that point to suspected C&C activities, with detailed information. These threat events can be reported by the IPS/AV engines, the advanced malware detection engine or the DGA detection engine.

Figure 2: Detected lateral movement activity. Figure 2 shows detected threat events that point to suspected lateral movement activities, with detailed information. These abnormal behaviors are detected by the abnormal behaviour detection engine.

Detecting post-breach threats in action: using the Cyber Kill Chain

The Cyber Kill Chain (CKC) model provides real-time visibility and deep insight into the post-breach attack path inside the victim network. Threat intelligence from multiple detection engines is mapped against the CKC stages, together with forensic evidence and other actionable options. The detection engines include signature-based IPS/AV as well as engines based on machine-learning models built from large numbers of malware samples and on L3-L4 behavioral models of host and server machines.

For today's cyber threat attacks, simply compromising and breaking into a victim host and network is no longer the only goal. Instead, attackers carefully design and carry out post-breach activities at different stages to achieve different purposes. This requires security vendors to continuously develop defense technologies both at the network perimeter and inside the victim network for post-breach threat detection and protection.

For detailed information on Hillstone Networks solutions, contact Alen Salamun (alen.salamun@real-sec.com).
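The correlation described above, reduced to code as an added example (this is not Hillstone's or REAL security's engine; the engine names, category labels and the mapping from them to kill chain stages are assumptions made here): alerts from several detection engines are grouped per host, each alert is placed on the kill chain, and hosts are ranked by the deepest stage reached, which is what tells an analyst where a risky host sits and how far the intrusion has progressed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Stages lists the Cyber Kill Chain in attack order; the index is the
// progression, so a host whose alerts reach a higher index is deeper in.
var Stages = []string{
	"Reconnaissance", "Weaponization", "Delivery", "Exploitation",
	"Installation", "Command and Control", "Actions on Objectives",
}

// ThreatEvent is one alert from a detection engine. Engine and category
// labels are assumptions of this example, not a vendor's schema.
type ThreatEvent struct {
	Time     time.Time
	Host     string // internal address the alert is about
	Engine   string // "ips", "av", "malware-ml", "dga", "behaviour"
	Category string // engine-specific label such as "exploit" or "dns-query"
}

// stageMap is the assumed mapping from engine:category to a stage name.
var stageMap = map[string]string{
	"ips:scan":               "Reconnaissance",
	"av:dropper":             "Delivery",
	"ips:exploit":            "Exploitation",
	"malware-ml:persistence": "Installation",
	"dga:dns-query":          "Command and Control",
	"ips:c2-beacon":          "Command and Control",
	"behaviour:lateral-move": "Actions on Objectives",
	"behaviour:exfiltration": "Actions on Objectives",
}

// stageIndex resolves an alert to its stage index; ok is false for alerts
// the mapping does not know, which are left out of the correlation.
func stageIndex(e ThreatEvent) (idx int, ok bool) {
	name := stageMap[e.Engine+":"+e.Category]
	for i, s := range Stages {
		if s == name {
			return i, true
		}
	}
	return 0, false
}

// HostChain is the correlated view of one host across the kill chain.
type HostChain struct {
	Host        string
	Seen        []int // distinct stage indices observed, ascending
	Furthest    int   // deepest stage index reached
	First, Last time.Time
}

// FurthestStage names the deepest stage the host has reached.
func (h HostChain) FurthestStage() string { return Stages[h.Furthest] }

// Correlate groups alerts by host, places each on the kill chain and ranks
// hosts with the deepest stage first, so the most advanced intrusion is at
// the top of the analyst's list rather than the noisiest host.
func Correlate(events []ThreatEvent) []HostChain {
	byHost := map[string]*HostChain{}
	seen := map[string]map[int]bool{}
	for _, e := range events {
		idx, ok := stageIndex(e)
		if !ok {
			continue
		}
		hc := byHost[e.Host]
		if hc == nil {
			hc = &HostChain{Host: e.Host, Furthest: -1, First: e.Time, Last: e.Time}
			byHost[e.Host], seen[e.Host] = hc, map[int]bool{}
		}
		if !seen[e.Host][idx] {
			seen[e.Host][idx] = true
			hc.Seen = append(hc.Seen, idx)
		}
		if idx > hc.Furthest {
			hc.Furthest = idx
		}
		if e.Time.Before(hc.First) {
			hc.First = e.Time
		}
		if e.Time.After(hc.Last) {
			hc.Last = e.Time
		}
	}
	out := make([]HostChain, 0, len(byHost))
	for _, hc := range byHost {
		sort.Ints(hc.Seen)
		out = append(out, *hc)
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Furthest != out[j].Furthest {
			return out[i].Furthest > out[j].Furthest
		}
		return out[i].Host < out[j].Host
	})
	return out
}

// SampleEvents is a constructed alert set: 10.0.1.23 walks the chain from
// exploitation to lateral movement, 10.0.1.40 trips one IPS signature plus
// an alert the mapping does not know.
func SampleEvents() []ThreatEvent {
	t0 := time.Date(2017, 10, 3, 8, 0, 0, 0, time.UTC)
	return []ThreatEvent{
		{t0, "10.0.1.23", "ips", "exploit"},
		{t0.Add(5 * time.Minute), "10.0.1.23", "malware-ml", "persistence"},
		{t0.Add(20 * time.Minute), "10.0.1.23", "dga", "dns-query"},
		{t0.Add(30 * time.Minute), "10.0.1.23", "ips", "c2-beacon"},
		{t0.Add(2 * time.Hour), "10.0.1.23", "behaviour", "lateral-move"},
		{t0.Add(10 * time.Minute), "10.0.1.40", "ips", "exploit"},
		{t0.Add(11 * time.Minute), "10.0.1.40", "av", "heuristic"},
	}
}

func main() {
	for _, hc := range Correlate(SampleEvents()) {
		fmt.Printf("%-10s furthest=%-22s stages=%v dwell=%s\n",
			hc.Host, hc.FurthestStage(), hc.Seen, hc.Last.Sub(hc.First))
	}
}
```

Ranking by furthest stage rather than by alert count is the point: the host with the single exploit alert is noisy but shallow, while the host that has reached lateral movement is the one whose dwell time (first to last correlated alert) is already being measured in hours.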
REAL INTERVIEW

Kindly tell us about certgate GmbH in brief. Please highlight some of the security solutions you provide to your clients.

Thank you first for the opportunity to present our company to Real Security's partners and clients. certgate is one of the leading German-based security solution providers, focused on mobile security products and solutions. certgate was founded in 2004 and we have offices in Nuremberg (near Munich), Hannover and Dusseldorf. certgate is owned by the largest private equity company in Germany and the management. Our offering is twofold and works hand in hand. First, certgate apps secure corporate mobile communication with end-to-end encrypted voice, chat and email. Our solutions protect data at flexible security levels, from software-based to hardware-protected two-factor authentication and encryption. Secondly, our wireless smart cards enable any organization to extend proven desktop security to mobile platforms. Our solutions integrate with global mobile device management solutions and improve protection for enterprise mobile data in transit and at rest.

Briefly tell us about the CEO of the company.

Sure. I have been working in IT security for many years and have founded and operated international companies with offices in Germany, the Americas and Asia. I started my career at IBM, restructured an IT distributor, co-founded an international venture capital firm and then founded an international IT security company, which I sold to a larger Swiss public company. Last year I was appointed CEO to expand certgate's operations, develop the solution portfolio and enhance our vision.

Kindly brief us about your strategies to tackle the competition. Also, tell us about the benefits of these features over your contemporaries.
certgate has been a long-term IT security innovator and our patented and unique mobile security products and solutions provide maximum security with minimum user impact. In general, software-based mobile security solutions rely on the safety of the underlying operating system. If you encrypt confidential data and store the key on a vulnerable device or operating system, all your data is at high risk. We really help our clients to eliminate this risk. Our clients store their valuable keys wirelessly on globally certified secure elements. They truly protect their mobile data, mail, chat and voice communication. This works mostly independently of the security of the operating system, i.e. Apple/iOS, Android, Windows, macOS or Linux.

How do you work on your long-term relationship with your clients?

IT security is a matter of trust and the core foundation of all our client and partner relationships. We include our clients and partners in the product roadmap discussions to receive feedback on current products and future concepts. We believe active communication and transparent support processes help to build and increase trust with our clients and partners.

What are the values and factors that you attribute your success to? We would also like to hear a unique one-line quote that resonates with certgate GmbH and identifies with your clients.

certgate's success is based on a restless, paranoid approach to combining maximum security with minimum user impact. We work very intensively with our partners and clients, regardless of platform, geography or language. If you want to put our credo into one quote, it may sound like: "We secure our clients' mobile communication, no matter if voice, chat, email or data. Our clients are protected independently of BYOD or corporate devices. Any time, any place, any device."

What lies ahead in the security services sector and how well prepared is certgate GmbH?
Within IT security, there are a few major trends which are important to watch: everyone and everything goes mobile; users request simple user interfaces; consumerization is key; IT security should have no user impact; IT attacks will increase dramatically; artificial intelligence automation will put almost any software-based security concept at high risk. certgate is very well prepared to drive, follow and comply with these trends. While the first trends are short to medium term, the last one, artificial intelligence (AI), will have the biggest impact. AI will be the most dangerous one in that hackers will use AI to find vulnerabilities and completely new ways to invade infrastructures and gather user keys and credentials. certgate's solutions combine high security with consumerization and include the option to use proven, certified secure elements. They are perfectly protected against new weapons and attacks, which will definitely arise in future. Wiretapping for anyone is only three clicks away. Each organization must now secure its mobile communication and data.

JAN C. WENDENBURG, CEO CERTGATE GMBH
REAL INSIGHT

WHEEL LYNX SSL/TLS DECRYPTOR

Introduction

Over the last few years the number of TLS connections inside corporate networks has increased significantly. The share of encrypted internet traffic passed 50% last year and this trend does not look like it will slow down anytime soon. While it is very good to see encryption getting widespread adoption, it is worth remembering that security has many faces. In corporate networks it is crucial for security teams to control the traffic exchanged with the outside world. Incoming traffic may contain harmful software such as viruses or ransomware, and malware designers have already started to use TLS to hide traffic that should never be seen by security software. Moreover, now that trusted certificates can be obtained for free, the assumption that "a padlock in the browser address bar means the web page is safe" is no longer valid. There is also a strong demand to control traffic leaving the local network for the internet, since it may contain confidential data that should never leave a company's internal infrastructure.

There is a large market of traffic analysis tools that help network administrators provide the necessary safety and guidance for network traffic control. However, IDS (intrusion detection systems), IPS (intrusion prevention systems) and DLP (data leak prevention) tools become powerless when the traffic they are monitoring is encrypted, e.g. with the TLS protocol. One way to deal with this problem would be to block all TLS traffic, but that is of course totally impractical nowadays. The only practical way to look inside it is a controlled man-in-the-middle (MITM) technique, which we describe below.

Lynx, developed by our company, is an enterprise-class product which performs security-driven TLS interception. Using FreeBSD as our base system we were able to create a product that can greatly outperform competing products from leading vendors on the market. Over the past two years we have tested and experimented with a number of approaches to fast packet processing.

Result

The device operates in transparent bridge mode, capturing selected network traffic. SSL/TLS sessions are terminated on the device in such a way that the client software believes it is communicating with the target server; the client keeps using the original address of the target server. As with any TLS interception, this requires the clients to trust the CA that issues the device's certificates for the intercepted servers.

Lynx can be configured in two ways: inline or out-of-band. Client data arrives at the input interface, where it is decrypted by the Lynx software. What happens next depends on the selected mode. In out-of-band mode, while the connection to the target server is being made, a copy of the decrypted traffic is sent to the so-called span interface, to IDS/IPS devices. Once the traffic has been analyzed, an RST packet may be received, terminating the established connection. In inline mode, the decrypted traffic is subjected to direct analysis. Then, once the results of the analysis have been received, Lynx encrypts the traffic again and establishes a connection to the target server. In this mode, the analyzed packets may be modified by the analyzing devices. Unencrypted traffic that also passes through Lynx is sent to the IDS/IPS system without any modification. The network data flow is fully customizable and many data flow models can be defined for convenient integration with an existing IT infrastructure.

Thanks to all of the experiments and optimizations we have undertaken, we have been able to reach 50 Gbps of encrypted traffic throughput. Furthermore, the number of interfaces allows us to feed up to 16 analyzing appliances with data flow simultaneously.

[Figure: inline mode and out-of-band mode]
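How the client can be made to believe it is talking to the target server is the part the article leaves implicit. The following Go program is added here as an illustration and is not Wheel Systems' code: it shows the certificate side of a controlled MITM, where an interception CA issues a leaf certificate for the requested server name, a client that has the CA in its trust store accepts it, and one that does not (or that asked for a different name) rejects it. The CA name, server name and validity periods are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// InterceptCA is the private CA an interception device uses to issue
// certificates for the servers it impersonates towards clients.
type InterceptCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewInterceptCA creates a self-signed CA. In a deployment its private key
// stays on the appliance and its certificate is pushed to every managed
// client's trust store; a client without it will (correctly) refuse the
// intercepted sessions.
func NewInterceptCA(name string) (*InterceptCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(5, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &InterceptCA{Cert: cert, Key: key}, nil
}

// MintLeaf issues a short-lived server certificate for serverName, which the
// device would take from the client's SNI or from the upstream server's own
// certificate, so the client sees exactly the name it asked for.
func (ca *InterceptCA) MintLeaf(serverName string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName}, // modern clients match the SAN, not the CN
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return leaf, key, err
}

// ClientAccepts replays the check a TLS client performs on the minted
// certificate: chain to a root in its trust store and match the host name.
func ClientAccepts(leaf *x509.Certificate, roots *x509.CertPool, serverName string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   serverName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	ca, err := NewInterceptCA("Example Corp TLS Inspection CA")
	if err != nil {
		panic(err)
	}
	leaf, _, err := ca.MintLeaf("www.example.com")
	if err != nil {
		panic(err)
	}
	managed := x509.NewCertPool() // a client that has the CA installed
	managed.AddCert(ca.Cert)
	fmt.Println("managed client:  ", ClientAccepts(leaf, managed, "www.example.com"))
	fmt.Println("unmanaged client:", ClientAccepts(leaf, x509.NewCertPool(), "www.example.com"))
}
```

The unmanaged-client failure is the operational caveat of any decryptor: devices the organization does not control (guest laptops, certificate-pinning mobile apps) will see the interception as an attack, so the CA rollout and a bypass list are part of the deployment, not an afterthought.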
REAL INSIGHT

"Creating the world's fastest SSL/TLS decryption tool was a huge undertaking. It involved months of work analyzing and testing hardware, identifying an optimal system architecture and lab testing. All so we could present our finished product, which will revolutionize the industry."

All of the above gives us an edge over competing products and allows our customers to make full use of their anti-malware infrastructure.

Specifications

The latest model of the appliance, Wheel Lynx SSL/TLS Decryptor Infinity, stands in a class of its own. A throughput of 50 Gbps of TLS traffic classifies the solution as a high-bandwidth decryptor. As mentioned above, the configuration modes offered, together with as many as 32 network interfaces, make Lynx very flexible in terms of implementing it in various types of architecture. We still see a lot of room for improvement that we would like to explore in the future. Currently our biggest bottleneck is memory bandwidth, but there is also a broad range of optimizations that can be done on NIC cards. The next stop for Lynx is 100 Gbps. Stay tuned!

Pawel Jakub Dawidek, CTO of Wheel Systems

This is an extract from the article entitled "Lynx. Network Traffic Analysis" by P. J. Dawidek and M. Kaniewski. The full text was published in FreeBSD Journal, Jul/Aug 2017.

NAKIVO CASE STUDY

NAKIVO Helps China Airlines Instantly Recover VMs, Save 60% of Storage Space, Cut VMware Backup Budget by 30%

Business Challenge

Established in 1959 in Taoyuan City, Taiwan, China Airlines is one of the leading airline carriers in Asia. The company is headquartered at Taiwan Taoyuan International Airport and had over 12,600 employees as of August 2016. The airline operates on 4 continents, serving 143 destinations in 29 countries/districts, and deploys 92 aircraft. China Airlines' IT infrastructure consists of two data centers.

"We have more than 60 VMware ESXi hosts and over 900 VMs. The VMs run our core applications, including our GPS system, flight system, OA system, Microsoft SQL, Exchange and file servers, and other workloads," says Stivan Chou, China Airlines' representative. At China Airlines, VMware VMs run both the business-critical applications in charge of daily operations and processes and the airline's website, which provides customers with up-to-date information regarding flights, bookings and check-in options.

"We have to keep our data safe because we are in the aviation industry. Data loss and downtime will significantly impact our business, so in case of an emergency, we need to recover instantly," says Stivan. "With our previous backup software, VM recovery was always longer than we expected. Moreover, this legacy product did not support the latest version of VMware, so when we upgraded our system to the newest version, we could not do backups. We urgently needed to find another solution that could handle our 900 VMware VMs, perform fast VM backup and recovery, and read data directly from disks, bypassing the network," says Stivan.
Solution

"We found NAKIVO Backup & Replication online and were instantly intrigued by its rich feature set," says Stivan. While NAKIVO Backup & Replication can be installed on Windows and Linux, deployment as a pre-configured virtual appliance offers additional simplicity and efficiency. "It was quite straightforward to import an OVA with the NAKIVO Backup & Replication appliance into our vSphere environment. We did not have to install and configure an operating system. The NAKIVO Backup & Replication appliance saves time and does not require constant attention," says Stivan.

"It is imperative for us to save backup time because we have 900 VMs to deal with. Daily backups should be performed in 8 hours. After using Hot Add, which reads data directly from source VM disks, bypassing the network, we were able to reduce backup times by about 10 hours weekly," says Stivan. NAKIVO Backup & Replication automatically uses Hot Add to offload data protection traffic from the production LAN and increase VMware backup and recovery speed.

The Flash VM Boot feature provided additional time savings for China Airlines. "VM recovery is way faster than with our previous backup solution. We use Flash VM Boot in emergency cases, and this feature has already saved us 2 hours of downtime," says Stivan. The Flash VM Boot feature enables China Airlines to boot VMs directly from compressed and deduplicated backups, eliminating the need to recover the entire VM first. In addition to instant VM recovery, global data deduplication provided significant storage space savings for China Airlines. "Global data deduplication is another amazing feature. It reduced our storage space by about 60% and allows us to store more recovery points per VM backup. In addition, we were able to save money on direct storage costs and other costs, such as maintenance," says Stivan.
NAKIVO Backup & Replication automatically deduplicates VM backups at the block level and saves only unique data to the backup repository.

Results

With NAKIVO Backup & Replication, China Airlines performs VM backups every day. The company has reduced backup time by 10 hours weekly with the Hot Add feature. With Flash VM Boot (instant VM recovery), China Airlines achieved near-instant VM recovery, and it reduced storage space by 60% with global data deduplication. "NAKIVO Backup & Replication is an outstanding product that offers great features and does not break the budget. The product saved management time by 35% and reduced our VMware backup budget by 30%," says Stivan. For more information visit https://goo.gl/D71vYQ.

REAL INSIGHT

Company Profile

Since being founded in 1959, China Airlines has been dedicated to delivering the best in-flight experience and quality to satisfy each passenger. Being one of the leading airlines in Asia, China Airlines provides routes to 4 continents, including commercial flights and freight services. Since joining SkyTeam as its 15th member on September 28th, 2011, China Airlines has provided more services and promotional packages, connecting 178 countries and reaching more than 1,000 destinations. Its fleet consists of 92 Airbus and Boeing aircraft, including 71 passenger jets and 21 freighters. The airline's subsidiaries include low-cost carriers Mandarin Airlines and Tigerair Taiwan. China Airlines is committed to the best flight quality and safety, and treasures every encounter. For more information, visit www.china-airlines.com.
Your Path to SDN starts with us! www.bigswitch.com www.edge-core.com
Chris Roosenraad, Director of Product Management, Neustar

REAL INTERVIEW

Introduction: Every business has an online presence, and the Domain Name System (DNS) is a critical component of that presence. Chris Roosenraad, Neustar's Director of Product Management, offers some ideas and best practices for ensuring an optimal DNS strategy.

How does DNS operate?

DNS is a way of mapping a domain name to an IP address, in much the same way the white pages used to be how people looked up phone numbers. You need some way to map a name to a resource. For example, a user wants to connect to a website, so it needs the IP address of that site, and DNS is the process that translates names to numbers. DNS is a fundamental building block upon which the Internet is built.

What are the differences between an authoritative and a recursive DNS?

They have different roles. You need to publish your IP address, and that's the authoritative side of DNS. And you need to look up those records to find a web site by its IP address; that's the recursive aspect of DNS. It's also sometimes referred to as a caching or resolving server because it caches the results for a set period of time. Then the next time someone looks it up, you can publish right from the cache and it's much faster. There are a lot of implications as to what you put in that answer. Having sub-optimal records can result in a negative customer experience. It's a delicate balance.

How do a primary and secondary DNS work together and why is it important to have both?

This is part of the authoritative or publishing function of DNS. If you only have a single DNS solution and it goes out or lags in performance, you're sunk. So, when you have a primary and secondary DNS, you are splitting the load between two services, and the primary updates the secondary with your DNS configurations. Should the primary have a problem, the secondary can still answer questions.
You can also have two primaries provisioned independently of each other. So, you forgo the problem of primary and secondary being out of sync. That adds complexity, but again it's a balancing act.

How can an organization ensure it's getting the most out of its DNS?

Every business has some kind of online presence. So, every business can put a dollar value on an Internet outage. Without DNS, your online presence does not exist. And DNS is something you can outsource. Even when you do that, you still need to ensure you're using best practices on a regular basis: good old spring cleaning. This is where engaging with a professional services partner for things like auditing DNS records can help ensure efficient DNS functions. DNS is something you're constantly balancing, so you have to perform regular maintenance.

How should an organization best secure its DNS and reduce its risk profile?

There's securing the DNS infrastructure and securing the data within the DNS. The whole point of a DNS is to publish data, but you need to secure the infrastructure. The software is stable, but still needs to be patched regularly. That's also something for which there's a strong argument for outsourcing. Securing the data requires regular audits. You have to ensure the DNS exposure you're giving the Internet is what you want it to be, and best protect your DNS from targeted attacks like DDoS or cache poisoning. Employing the DNSSEC protocols can help, especially with ensuring origin authority and data integrity.

What do you see for the future of DNS?

DNS isn't going anywhere. It's an incredibly efficient protocol. It's an example of how the building blocks of the Internet were done right. As Internet usage evolves, it's changing how resources are mapped. With the Internet of Things, there are communications over the Internet without a human involved. There are ways you can modify DNS entries to facilitate that.
There's also full support in DNS now for non-western alphabets. A DNS is a foundational building block, but if you don't do it right, you're building on a foundation of sand.
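To make the authoritative/recursive split and the cache-poisoning remark above concrete, here is a small resolver-side check in Go, added as an example; it is not Neustar's code. It builds an A query, parses a constructed reply (with DNS name compression), records whether the AA and RA flags were set and what TTL a caching resolver may honour, and drops any reply whose transaction ID or question section does not match the outstanding query, which is the basic resolver defence against blind cache poisoning before DNSSEC is considered. The sample reply bytes and the names used are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// RFC 1035 header flag bits.
const (
	flagQR = 1 << 15 // message is a response
	flagAA = 1 << 10 // authoritative answer
	flagRD = 1 << 8  // recursion desired
	flagRA = 1 << 7  // recursion available
)

// Answer is what a resolver keeps from a reply that passed validation.
type Answer struct {
	Name, IP                      string
	TTL                           uint32 // how long a caching resolver may reuse it
	Authoritative, RecursionAvail bool   // AA: from the zone's server; RA: server is a recursive resolver
}

// BuildQuery builds a standard A/IN query. A real resolver draws txid from a
// CSPRNG and randomises the UDP source port so a forger must guess both.
func BuildQuery(txid uint16, name string) []byte {
	q := make([]byte, 12)
	binary.BigEndian.PutUint16(q[0:], txid)
	binary.BigEndian.PutUint16(q[2:], flagRD)
	binary.BigEndian.PutUint16(q[4:], 1) // QDCOUNT
	for _, l := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		q = append(append(q, byte(len(l))), l...) // label wire format
	}
	return append(q, 0, 0, 1, 0, 1) // root label, QTYPE=A, QCLASS=IN
}

// readName decodes a possibly compressed name at off and returns it with the
// offset just past it in the original position. The hop limit stops pointer
// loops in malformed packets.
func readName(msg []byte, off int) (string, int, error) {
	var labels []string
	end := -1 // fixed by the first pointer, or by the terminator
	for hops := 0; hops < 16 && off < len(msg); hops++ {
		l := int(msg[off])
		switch {
		case l == 0:
			if end < 0 {
				end = off + 1
			}
			return strings.Join(labels, "."), end, nil
		case l&0xC0 == 0xC0 && off+1 < len(msg): // compression pointer
			if end < 0 {
				end = off + 2
			}
			off = int(binary.BigEndian.Uint16(msg[off:]) & 0x3FFF)
		case l&0xC0 == 0 && off+1+l <= len(msg):
			labels = append(labels, string(msg[off+1:off+1+l]))
			off += 1 + l
		default:
			return "", 0, errors.New("malformed name")
		}
	}
	return "", 0, errors.New("truncated name or pointer loop")
}

// ParseResponse validates resp against the outstanding query and returns the
// first A record. Dropping replies whose transaction ID or question section
// differ from the query is the resolver-side defence against blind (off-path)
// cache poisoning; DNSSEC validation would sit on top of it.
func ParseResponse(query, resp []byte) (Answer, error) {
	if len(query) < 17 || len(resp) < 12 || !bytes.Equal(resp[:2], query[:2]) {
		return Answer{}, errors.New("transaction ID mismatch: reply dropped")
	}
	flags := binary.BigEndian.Uint16(resp[2:])
	if flags&flagQR == 0 || flags&0xF != 0 || binary.BigEndian.Uint16(resp[4:]) != 1 {
		return Answer{}, errors.New("not a successful response to one question")
	}
	qname, off, err := readName(resp, 12)
	want, _, _ := readName(query, 12)
	if err != nil || !strings.EqualFold(qname, want) || off+4 > len(resp) ||
		!bytes.Equal(resp[off:off+4], query[len(query)-4:]) {
		return Answer{}, errors.New("question does not match query: reply dropped")
	}
	off += 4
	for n := binary.BigEndian.Uint16(resp[6:]); n > 0; n-- { // walk the ANCOUNT records
		name, next, err := readName(resp, off)
		if err != nil || next+10 > len(resp) {
			return Answer{}, errors.New("truncated answer section")
		}
		rtype, ttl := binary.BigEndian.Uint16(resp[next:]), binary.BigEndian.Uint32(resp[next+4:])
		if off = next + 10 + int(binary.BigEndian.Uint16(resp[next+8:])); off > len(resp) {
			return Answer{}, errors.New("truncated rdata")
		}
		if rd := resp[next+10 : off]; rtype == 1 && len(rd) == 4 {
			return Answer{Name: name, IP: fmt.Sprintf("%d.%d.%d.%d", rd[0], rd[1], rd[2], rd[3]), TTL: ttl,
				Authoritative: flags&flagAA != 0, RecursionAvail: flags&flagRA != 0}, nil
		}
	}
	return Answer{}, errors.New("no A record in answer")
}

// SampleResponse is a constructed authoritative reply to
// BuildQuery(0x1a2b, "www.example.com"): A 192.0.2.10, TTL 300, answer name compressed.
var SampleResponse = []byte{
	0x1a, 0x2b, 0x85, 0x80, 0, 1, 0, 1, 0, 0, 0, 0, // header: QR AA RD RA, QDCOUNT 1, ANCOUNT 1
	3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1, // question
	0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 1, 0x2C, 0, 4, 192, 0, 2, 10, // answer: ptr to question, A, IN, TTL, RDATA
}

func main() {
	q := BuildQuery(0x1a2b, "www.example.com")
	a, err := ParseResponse(q, SampleResponse)
	fmt.Printf("%+v %v\n", a, err)
}
```

The AA flag on the parsed answer is what distinguishes the two roles in the interview: an authoritative server sets it, a recursive resolver serving from cache does not and sets RA instead; the TTL is the "set period of time" the cache is allowed to keep reusing the record.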
Matic Knuplež, Product Manager Security and Network, REAL security

SECURITY ISN'T A BUSINESS BARRIER. IT DRIVES IT!

REAL INSIGHT

MCAFEE SOLUTIONS USED IN THE STUDY ON THE NEXT PAGE
• McAfee Advanced Correlation Engine
• McAfee Complete Endpoint Protection Enterprise
• McAfee Complete Data Protection Advanced
• McAfee DLP Endpoint
• McAfee Enterprise Log Manager
• McAfee Enterprise Security Manager

CHALLENGES THAT BERKSHIRE HEALTH SYSTEMS FACED
• Improve and accelerate detection of cyberattacks with limited staff
• Comply with HIPAA and state privacy regulations
• Block leakage of sensitive data, yet enable staff to work with data away from the office
• Compress incident response

There's no doubt that our digital world is fundamentally shifting. Remote users, prolific growth of data and devices, cloud infrastructure and consumerization are all driving tremendous growth and advances. However, with these ultra-rapid business, social and technology shifts also comes introduced risk. Companies need scalable, intelligent and adaptive systems for handling an ever-growing volume of events while optimizing their ongoing operational challenges.

It is imperative that today's layered defense strategy matches the sophistication of modern threats. No individual security product can block all threat activity. McAfee's answer to this is the Security Connected framework, which enables McAfee comprehensive threat protection as a fully orchestrated approach to blocking malware. It intelligently applies the best technologies at the right time and in the right place to thoroughly analyze and respond to suspicious files, websites, email messages and networks. With this, McAfee users can adopt best practices unique to their requirements and enable an integrated command and control environment for security operations teams.
We are proud to be a McAfee Value-Add Distributor and Service Delivery Specialist in the Adriatic region, and with certified resources we have proven that we have the skills to configure and deploy McAfee products to meet customers' business needs and address today's complex threats and attacks.
REAL INSIGHT

In today's threat climate, Paul Doucette, senior cybersecurity engineer at Berkshire Health Systems, knows that total prevention of data breaches is no longer possible: "It's more a question of when and how quickly can I detect and minimize impact to my business." According to the Ponemon Institute's fifth annual benchmark study on patient privacy and data security, more than 90% of healthcare organizations experienced a data breach in the past two years, and 40% experienced more than five data breaches within the same time period. With protection of patients' personal data his top priority, those are statistics that would keep anyone up at night.

Total Breach Prevention No Longer Realistic

For Doucette, who oversees day-to-day security operations for the growing, 5,400-employee organization with three hospitals and multiple clinics and physician offices, the key to a sustainable, effective defense against cyberattacks is the ability to detect threats and respond to them as fast as possible and to optimize his IT staff's resources and priorities. "Prevention is still very important, but our biggest challenge has become detection, more specifically to immediately detect the threats attacking us and then to respond fast enough so that patient data and other sensitive information is not impacted," says Doucette. "We have a definite need to shift our focus from prevention and protection to detection and correction. Transforming your security defense to this new mode is not something you do overnight, however."

Assessment a Key First Step to Detect and Correct

As a first step, Berkshire Health Systems knew it should assess its security situation. "We needed to look more closely at the solutions we currently have and figure out where the technology gaps are," says Doucette.
Berkshire Health Systems
Largest regional healthcare provider in Western Massachusetts
Industry: Healthcare
IT Environment: 5,100 endpoints across 20 locations

Improving cyberthreat detection one step at a time
Making the Job of Security Operations Easier at Berkshire Health Systems
With total prevention of data breaches no longer a realistic goal, Berkshire Health Systems' Security Operations turned to McAfee® Enterprise Security Manager for a centrally managed, interconnected security architecture for ease of detection and response, and a sustainable solution.

"In other words, we needed to know what we didn't know." The company hired DynTek Services and McAfee to perform a detailed data management security assessment prior to creating a layered, centrally managed security architecture. For the assessment, DynTek interviewed Berkshire Health Systems employees at various levels and reviewed the organization's cybersecurity initiatives in detail, including vulnerabilities in the environment scored against HIPAA requirements and staff policies and behavioral controls. DynTek also reviewed physical controls, such as facility access, device and media control, encryption, password management, security incident reporting, disaster recovery, and data backup plans. Assessment results indicated the need to implement a SIEM solution that integrates with and reinforces the company's current solutions.

McAfee SIEM and an Integrated Security Platform

McAfee Enterprise Security Manager was the company's logical choice for a SIEM solution. The primary reason: its ability to seamlessly share pertinent information with other security solutions across the McAfee integrated security platform. This open, unified framework enables central management and information
sharing across hundreds of products and services, eliminating point-solution silos and dramatically improving security posture.

Berkshire Health Systems already had McAfee Complete Endpoint Protection Enterprise, which includes antivirus, host data loss prevention, SiteAdvisor®, and other endpoint protection functionality, all controlled by the McAfee® ePolicy Orchestrator® (McAfee ePO™) management console and part of the McAfee integrated security framework. McAfee Enterprise Security Manager easily integrated with these solutions and could share data with all of the company's endpoints. McAfee Enterprise Security Manager collects data from the company's endpoints and then applies correlation rules to help Doucette prioritize the events that need investigation. A risk score unifies vulnerability status, asset criticality, and any countermeasure protection available for the threat to gauge the severity and risk of the threat.

"Makes My Job a Whole Lot Easier"

"The biggest benefit of the integrated McAfee ecosystem to me personally is that it makes my job a whole lot easier," says Doucette. "I can see potential threat activity, push out updates or remediation, add devices to the network, manage data and endpoint protection policies, and so on, all from the McAfee ePO central console and the SIEM threat intelligence and risk-based dashboards."

He can also determine appropriate security policies much faster. "For example, we were having issues with employees being constantly locked out of their accounts; perhaps they changed a password on their laptops but forgot to change it on their mobile devices and then entered the incorrect password too many times," explains Doucette.
“With the McAfee Enterprise Security Platform, we were able to quickly and easily determine what the right threshold for lockouts should be in order to balance the twin needs for security and easy access.”

Improved Enterprise Visibility and Faster Detection

Before deploying McAfee Enterprise Security Manager, Doucette took a training course offered by McAfee Professional Services that helped him get up and running quickly—with no surprises. McAfee Professional Services also helped him implement McAfee Enterprise Security Manager. In addition to McAfee Enterprise Security Manager, the company implemented McAfee Enterprise Log Manager, McAfee Advanced Correlation Engine, and physical and virtual McAfee Event Receivers. Doucette implemented many of the out-of-the-box policies and correlation rules, as well as some of his own customized correlation rules. “With McAfee Enterprise Security Manager and McAfee ePO [software], I have much greater visibility into what is happening across the organization,” says Doucette. “Having all events correlated quickly in one central location is huge. I can detect threats we had no idea were happening—for instance, that our passwords are being attacked 24/7 every day from other countries or the presence of CryptoLocker activity. Such dramatically improved visibility and rapid detection of threats means we can respond much faster.”

DLP and Fast Historical Analysis Make Compliance Easier

Berkshire Health Systems must comply with HIPAA, Massachusetts state personal privacy laws, such as CMR 17, and other internal and external regulations concerning data security. However, even if such regulations didn’t exist, data security would be of utmost importance. “Keeping all potentially sensitive patient data safe is our top priority,” notes Doucette, “from confidential patient medical information to credit card information.” To prevent data loss, the company uses McAfee DLP Endpoint.
McAfee DLP Endpoint allows Doucette to quickly and easily monitor real-time user activities and apply centrally managed security policies to regulate and restrict how sensitive data is transferred, without impacting employee productivity. McAfee Enterprise Security Manager also helps Doucette determine appropriate policies. “The McAfee Enterprise Security Manager enabled us to segment devices that take credit card information—whether PCs or kiosks or cafeteria cash registers—and manage our policies and reporting based on the various PCI subgroups,” explains Doucette. “The ability to easily analyze historical credit card transaction data and segment it meant we could lock down point-of-sale devices and some workstations but use DLP for others. Previously, such historic analysis would have taken weeks or would have been impossible.”

Sustainable Security Foundation for the Future

With its McAfee integrated security platform, Berkshire Health Systems has laid the foundation for a sustainable protect-detect-correct threat defense lifecycle to safeguard the company and its patients today and in the future. Doucette now has a much more effective approach to disrupting and investigating suspicious events, limiting overall risk exposure and compressing incident response.
When asked, “What would you do if you got a call from the FBI telling you your company was the victim of a data breach?” Doucette replies, “Most likely I’d already know about it, thanks to our integrated security system.”

RESULTS
• Significantly simplifies security administration
• Provides comprehensive control over sensitive data
• Allows complete visibility into all endpoints and data
• Saves time, thanks to centralized management and automated tasks
• Enables fast historical analysis to optimize operations and set policies

“Prevention is still very important, but our biggest challenge has become detection—specifically, being able to immediately detect the new threats attacking us and then to respond fast enough that patient and other sensitive data is not impacted. We have recognized a definite need to shift our focus from prevention and protection to detection and correction.”
— Paul Doucette, Senior Cybersecurity Engineer, Berkshire Health Systems
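The two things Doucette describes above, setting a lockout threshold that does not punish a phone retrying a stale password, and spotting round-the-clock password attacks from other countries, can be worked from raw authentication logs. The script below is an added example of my own, not McAfee's or Berkshire Health Systems' code; it assumes a constructed log format (time, user, source, country, result), that hosts named `bhs-*` are internal, and that US is the home country.

```python
# Added example (not the case study's or McAfee's code). Assumed, constructed
# log format: "ISO-time user source country result"; hosts named "bhs-*" are
# taken as internal and "US" as the home country.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a phone retrying an old password by day, and one foreign
# address guessing the admin and jsmith passwords at night.
SAMPLE_LOG = """\
2017-09-14T08:00:05 jsmith bhs-phone-112 US FAIL
2017-09-14T08:00:35 jsmith bhs-phone-112 US FAIL
2017-09-14T08:01:05 jsmith bhs-phone-112 US FAIL
2017-09-14T08:01:35 jsmith bhs-phone-112 US FAIL
2017-09-14T08:02:10 jsmith bhs-ws-044 US OK
2017-09-14T09:30:00 jsmith bhs-phone-112 US FAIL
2017-09-14T09:30:30 jsmith bhs-phone-112 US FAIL
2017-09-14T12:00:00 mrich bhs-ws-010 US FAIL
2017-09-14T12:01:00 mrich bhs-ws-011 US FAIL
2017-09-14T22:15:00 admin 203.0.113.7 RO FAIL
2017-09-14T22:15:10 admin 203.0.113.7 RO FAIL
2017-09-14T22:15:20 admin 203.0.113.7 RO FAIL
2017-09-14T22:15:30 admin 203.0.113.7 RO FAIL
2017-09-14T22:17:00 jsmith 203.0.113.7 RO FAIL
2017-09-14T22:17:10 jsmith 203.0.113.7 RO FAIL
2017-09-14T22:17:20 jsmith 203.0.113.7 RO FAIL
2017-09-14T22:17:30 jsmith 203.0.113.7 RO FAIL
2017-09-14T22:17:40 jsmith 203.0.113.7 RO FAIL
"""

WINDOW = timedelta(minutes=5)  # failures closer than this belong to one burst

def parse(log):
    """Return (time, user, host, country, result) tuples sorted by time."""
    events = []
    for line in log.splitlines():
        ts, user, host, country, result = line.split()
        events.append((datetime.fromisoformat(ts), user, host, country, result))
    return sorted(events)

def failure_bursts(events, window=WINDOW):
    """{user: [burst, ...]}; a burst is a run of FAIL events for one user
    in which consecutive failures are no more than `window` apart."""
    bursts = defaultdict(list)
    for ev in events:
        if ev[4] != "FAIL":
            continue
        groups = bursts[ev[1]]
        if groups and ev[0] - groups[-1][-1][0] <= window:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return bursts

def classify(burst, internal_prefix="bhs-", home="US"):
    """stale-credential: one internal device retrying the same account;
    external-attack: any failure from outside the home country; else review."""
    hosts = {ev[2] for ev in burst}
    countries = {ev[3] for ev in burst}
    if countries != {home}:
        return "external-attack"
    if len(hosts) == 1 and hosts.pop().startswith(internal_prefix):
        return "stale-credential"
    return "review"

def recommend_threshold(bursts):
    """Lockout count just above the largest stale-credential burst, plus the
    sizes of hostile bursts that would still slip under it (the trade-off)."""
    sizes = defaultdict(list)
    for groups in bursts.values():
        for burst in groups:
            sizes[classify(burst)].append(len(burst))
    threshold = max(sizes["stale-credential"], default=0) + 1
    missed = sorted(n for n in sizes["external-attack"] if n < threshold)
    return threshold, missed
```

On the sample data the threshold lands at 5 failures, and the four-attempt burst against `admin` would stay under it, which is exactly the balance between security and easy access the quote describes.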
DOC. DR. MIHA DVOJMOČ, MD SKUPINA CEO & PRESIDENT OF THE PRIVATE INVESTIGATION CHAMBER OF SLOVENIA

THE WHO, WHAT, WHY, AND WHEN OF GDPR AND HOW TO TACKLE IT

The EU Data Protection Reform, or, as we will refer to it in this article, the General Data Protection Reform (GDPR), was put forward by the European Commission as early as January 2012. It took four years, until 4 May 2016, for the official texts of the Regulation (and of the Directive**, which focuses on data protection in the prevention, investigation, detection and prosecution of criminal offences or the execution of criminal penalties) to be published. Both documents entered into force in May 2016 and will apply from May 2018 (6 May for the Directive and 25 May for the Regulation). Up to this point it all seems abstract and pointless, mere numbers, but what if we told you that the Commission set out on this road to update and modernise the principles enshrined in the 1995 Data Protection laws? The main objectives of the new rule set are to hand control over personal data back to its original owners, the citizens, to (re)build their trust in the new data protection rules, the digital economy and businesses themselves, and to simplify the data protection regulation for business use, while keeping costs down and helping business grow. The rapid pace of technological change, globalisation, and a transformation of the way personal data is collected, accessed, used and transferred, along with the significant rise in data volume, paved the path to the reform. Names, addresses, health information, incomes, cultural profiles and more are collected, stored and used every day and basically everywhere. Whenever one wants to book a vacation, join one of a multitude of social networks, open a bank account, etc., vital personal information is handed over to controllers and processors, often in cross-border business dealings.
Personal data is given by individuals as well as businesses and public authorities, and as such demands sufficient attention and protection. The European Union deemed it necessary to ensure that such personal data enjoys a high standard of protection all across the Union. According to the Special Eurobarometer 431 from 2015 on the topic of data protection, the majority of European citizens recognize the data collection process as a part of everyday modern life in the digital age they live in. And only three out of ten are indifferent when asked whether they should give explicit approval for the use of their personal information. On the other hand, only a quarter of Europeans trust online businesses, and a majority of citizens feel they lack control over what happens when their personal data is out there. All of this points to the admission that an update and improvement of the data protection regime is a must. With the new regulation, companies are expected to strengthen their security measures and avoid breaches, and in case breaches do happen, they are obliged to notify the national data protection authority and the individual, whose control over their data is set to improve: giving explicit consent, having the right to be forgotten in the online environment, guaranteed easy access to one’s own data and the right to data portability, a full understanding of how their data is handled, and on top of that improved means to exercise their rights, to name just a few. The legal aspect of GDPR will be complemented by reinforcing data security at the IT level, by encouraging the use of privacy-enhancing technologies and privacy-friendly default settings.
And if that does not sell the European Commission’s point, the enhanced accountability of those processing the data is obvious in the requirement for a so-called Data Protection Officer (DPO), the Privacy by Design and by Default principles, and obligatory Data Protection Impact Assessments for organisations that meet certain criteria. Top it all off with hefty fines for non-compliance. To summarize it in the eyes of the European Commission: one continent with one law, a one-stop-shop way of dealing with a single supervisory authority, the same rules for all companies, even if they are not based in the EU but wish to do business with the member states, and technological neutrality. May 2018 is just a few snowy months and daisies away, and preparations should be in full swing. But what if a company has not yet started working on GDPR compliance? Educating themselves on what personal data is and setting the basis for an analysis of their organisation would be the preferred step one, followed closely by informing themselves about the positive aspects of GDPR, and with that setting the mental groundwork for compliance. Knowing the breadth of the business activities, processes and the organisation as a whole in light of the new reform represents the first stepping stone to compliance. This means keeping the protection of people’s rights at the front of their mind, with clear and simple two-way communication, taking care of the legal framework of their activities, and checking whether they are obliged to assign a DPO and how they should take care of record keeping. All this should be done in anticipation, through impact assessments, including recognizing the biggest threats to the processes involving personal data, and GDPR as such should be taken into consideration when updating or building a new organisation or business.
A lot of the groundwork can be done internally at the level of the organisation, with a precise action plan, exploring innovative technology and selecting specific solutions that meet the business’s needs, along with raising awareness among employees. But keep in mind: sometimes a hand from outsourcing companies dealing specifically with data protection regulations and legal frameworks, and with IT expertise, is needed.
REAL TECHNOLOGY

TRUSTWORTHY AND TRANSPARENT CAR HISTORY TRACKING

Project Vision

CarLogChain is a blockchain-based platform aiming to reshape one of the world’s largest industries by establishing a globally unified and 100% credible car database. By linking the secure, transparent and decentralized blockchain technology to our network of patented innovative Autoscan scanners, we are able to provide an effective solution for the thus far unsolved problems of the automotive industry – trackability and trustworthiness.

The market

CarLogChain is capitalizing on three enormous markets:
• Booming cryptocurrencies market: The total cryptocurrency market cap recently surpassed 250 billion USD, having increased over 1500% YTD.
• Enormous automotive market: Global sales of passenger cars are projected to hit 77.8 million units in 2017.
• Auto insurance market: Full of inefficiencies which drive most insurance institutions to search for innovative solutions. Digitally underwritten insurance is projected to grow by 800% from 2017 to 2020.

Car Scanner - leading the way in vehicle scanning

Our Car Scanner is an innovative and automated apparatus for the detection and classification of damage on motor vehicles. Based on a video scan and an innovative 3D recognition system, the Car Scanner makes a “fingerprint” of the car chassis, along with assessing the engine and functional characteristics throughout the vehicle’s history. Each time a car is scanned by the Car Scanner, a snapshot of the car’s complete “identity” is recorded in our database using blockchain technology.
CarLogChain

We started forming a team of exceptional individuals who recognized the opportunity of bringing together the elements needed for the disruption of an industry with enormous potential. Our mission is to digitize the automotive industry by introducing a globally unified CLC digital vehicle identity card and establishing the CarLogChain database with the most extensive vehicle network. The CarLogChain platform will be fuelled by the immutability and transparency of blockchain technology, while the CLC token will represent the heart of the ecosystem, serving as an exclusive ticket to multiple features.

Automated systems for damage detection facilitate the work of insurance experts by performing quicker and more objective counting of damages and preventing possible abuses due to inaccurate damage estimates. All potential damages are tracked in videos. Tracking of damages across consecutive images is performed with software methods that locate the most appropriate matches, e.g. nearest-neighbour search incorporating a calculation of the vehicle’s movement (in digital pixel units) between two consecutive images. All detected surface damages are converted from digital pixel units to actual physical size and classified according to size.
A LOOK BACK AT RISK CONFERENCE 2017

The 16th and 17th of March 2017 were important days for the IT security market of the Adriatic region. At that time, the 12th annual RISK conference was taking place in the Congress centre Thermana in Laško. As expected, it was a big success in terms of organization, presentations, participation and accompanying activities like the humanitarian auction. Again the organizers had to turn away ‘late’ applicants to the conference more than 3 weeks before the starting date; it simply had to be done because the maximum capacity of registered attendees had been reached already one month prior to the first conference day. This has happened before, and the interest of the general media and public shows that IT security and related themes have matured and have finally been recognized as very important for everyday business and personal life, especially because of the new EU GDPR directive, which also pushes companies to work and prepare more in the field of data protection.

The RISK 2017 opening act was performed by drummers from the academic musicians’ group STOP – Slovenski tolkalni projekt, accompanied as a surprise by David Ivacic, sales director, and Renato Uhl, CEO of REAL security d.o.o., disguised in wigs, followed by their welcome speech. Of course, for the majority of attendees, most important were the 29 top presentations held over a period of two days in two partially parallel tracks, and the DEMO room where exhibitors showed their technologies in action. Let us take a look at some of the most thrilling presenters of the conference.

David Kemp, EMEA Specialist Business Consultant from Hewlett Packard Enterprise, talked about Exploiting Risk Management from regulatory compliance for defensibility, operational effectiveness and revenue; Thomas Maxeiner, Director of Enterprise Technology, EMEA, from Intel Security showed the Intelligent Endpoint for the Future-Proof Endpoint Defense; Ramses Gallego, President of the ISACA Barcelona Chapter, enlightened the visitors about Threats and Risks in the Cloud; Michal Ostrowski, Regional Director CEE from FireEye, discussed Intelligence-led security - The power of contextual information; and there were many other interesting presentations, also from the academic sphere in Slovenia, where Dr. Branko Lobnikar, Vice Dean for Academic Affairs at the Faculty of Criminal Justice and Security, talked about and showed the data on Organised Crime in Cyberspace of the EU in 2016. Presenters came from all over the world - from the UK, Australia, Germany, Switzerland, Israel, France, Spain, the Netherlands, Poland, Romania, the Czech Republic, Slovakia, Hungary, Croatia and even from the USA. And of course there is Slovenia, the home country of the conference, which was represented by practical IT security studies from companies like ADD, SRC, S&T Slovenia, Unistar LC, OSI and SIQ.
As the first day of conference presentations ended, all the visitors had a couple of hours of rest, followed by the Gala dinner. There we had a surprise speech about where mankind is going from a special guest, Mr. Anthony Harrington, Executive Partner at GARTNER. After the programme performed by the SERPENTES theatre, we announced the winners of the IT security achievement awards in the Adriatic region for 2016 in several categories, including partners of the year S&T Slovenija from Slovenia, CS Computer Systems from Croatia, Lanaco from Republika Srpska, Emerging Market Consultants from Bosnia and Herzegovina, Inquest from Serbia and S&T Crna Gora from Montenegro; vendor of the year FireEye; technology vendor of the year McAfee; rising vendor of the year ObserveIT; loyal vendor of the year Forcepoint; strategic vendor of the year Hewlett Packard Enterprise; hot vendor of the year Centrify; academic partner of the year Dr. Branko Lobnikar from the Faculty of Criminal Justice and Security; and special guest Ramses Gallego.

Photo: Gartner Executive Partner Anthony Harrington with Chris Wherry
Photo: Renato Uhl, CEO of REAL security d.o.o., delivering donations to Clown doctors, SD Dolomiti and Rainbow fairy
REAL SECURITY INFO MAGAZINE 8
Editor in Chief: Renato Uhl
Publishing year: 2017
Number of printed issues: 5000
Design: Samo Zavasnik
Publisher: REAL security d.o.o., Zolgarjeva ulica 17, 2000 Maribor, +386 22347474, www.real-sec.com, info@real-sec.com
All rights reserved. No part of this publication may be reproduced in whole or in part without permission of the publisher. All articles used with permission of the respective authors.
ISSN 2463-817X

Photo: Ramses Gallego at RISK 2017

»I was talking to an important visitor and, imagine, he told me this is probably the best organized IT event in Europe that he had recently been to. And you know what? The person who said that, well, he had just come from the RSA conference! If this is not the best possible indicator of us doing it right, then I don’t know what is. The sleepless hours and stress of five months of conference-related activities were forgotten in a moment – never before have we heard so much praise from all types of visitors,« said Renato Uhl, CEO of REAL security, »Congrats also to the fantastic staff of hotel Thermana Laško for their excellent support. A wonderful conference. It’s as good as it gets. At least until RISK 2018.«

The party continued in the hotel bar with BEER PONG sponsored by the Laško Brewery and a great DJ heating up the dance floor. It was a very entertaining evening, or a night for some who kept going until the morning hours of the second conference day. The second day of the conference concluded in the afternoon with the 4th traditional humanitarian auction on behalf of the RED NOSES society, Rainbow fairy and SD Dolomiti, hosted by REAL security CTO Alen Šalamun.
Special thanks go to all who supported the humanitarian auction, especially the auction’s main sponsors BMW Group of Slovenia and SELMAR, who donated a MINI bike, a unique Elan BMW Edition pair of skis not sold in stores and signed by aces like Tina Maze, Jure and Žan Košir, Jakov Fak, Filip Flisar and other prominent winter sports personalities, and BMW goodie bags, as well as LUMAR houses, STUDIO Moderna, Pivovarna Laško, Intel Security, Hewlett Packard Enterprise and most of the vendors who presented at the conference. The humanitarian auction raised 3,300.00€ and with those funds, for the first time, the organizer was able to support more than just one organisation. Three cheques were awarded to the representatives of the RED NOSES society, Rainbow fairy and SD Dolomiti by Mrs. Maja Ilec, representative of the main auction sponsor BMW GROUP of SLOVENIA, and REAL security CEO Renato Uhl.

Photo: Alen Šalamun, CTO of REAL security d.o.o., at the charity auction