Thursday, September 29, 2022

Mazen A. Dohaji, Vice President (iMETA) at LogRhythm

LogRhytm

As technological advancements have skyrocketed, and the switch to digital is on the rise, cybersecurity will play a vital role in the transformation ahead. 

As governments all over the world invest in smart city initiatives, the role of cybersecurity has been elevated to protect the fabric of society from cybercriminals looking to wreak havoc across the board. 

One of the main players on the front line of cybersecurity is LogRhythm, a U.S.-based cybersecurity firm. The company recently launched tools for adopting the Kingdom of Saudi Arabia’s Essential Cybersecurity Controls (ECC). Its predefined reports and use cases enable organisations to accelerate compliance with the KSA’s ECC and support Saudi Vision 2030.

Inside Telecom sat down with LogRhythm’s Vice President of iMETA, Mazen A. Dohaji, to find out more about the company’s activities and the current cybersecurity landscape.

Could you walk us through the cybersecurity services that LogRhythm has and will provide to KSA? 

The Essential Cybersecurity Controls (ECC) were launched in 2018 by the National Cybersecurity Authority (NCA) in the Kingdom of Saudi Arabia (KSA) as part of the Saudi Vision 2030 strategic framework. Since then, we’ve been developing reporting capabilities and compliance use cases that make it easy and efficient to comply with the KSA ECC. 

Our NextGen SIEM platform enables organizations to meet many ECC guidelines by collecting, managing, and analysing log data. With out-of-the box automation, our system meets the minimum cybersecurity requirements for information and technology assets operating within the KSA. 

We understand that organizations may be at different points of compliance maturity, so the KSA-ECC module gives organizations the flexibility to realize value at any point along that maturity scale. As their business grows, our advanced functionalities such as NetMon, TrueIdentity SysMon, threat research content, and case management will enhance prebuilt content to better support organizations’ compliance efforts.

Will the services offered be provided to both the Kingdom’s private and public sectors?

Our reporting capabilities and compliance use cases are designed to serve both the private and public sector. At the same time, we have a key focus on the public sector and that is a large opportunity for LogRhythm in KSA. 

The objective of the ECC is to establish best practice in cybersecurity at a national level, covering critical infrastructure, high priority sectors and government services. All government-run agencies and departments within the Kingdom must comply with the ECC, and any privately run organizations looking to do business with public sector organizations must also comply. 

What matters is that any organisation can easily demonstrate their compliance with the ECC when they’re audited. 

Can you give us examples of how your services will shield KSA from cyberattacks?

An organization in the KSA can proactively monitor their IT environment and recognize any suspicious or problematic activity. This includes right down to the endpoint. 

Our SIEM platform has helped to improve many organizations by allowing them to provide widely diverse log sources, correlate them, and then easily create rules around alerting them about cyberattacks. By integrating all products into a single system for analysts, we make it easier and more efficient for organizations to block attacks and save time in the process.

It is about enabling organizations to be proactive with cyberattacks and giving them visibility and control over their IT environment.   

As 5G rollout begins, how will LogRhythm capitalize on the next generation network to enhance services, products and capabilities?

I think the evolution of 5G will create new opportunities and challenges for enterprises. We’ll see growing deployments of IoT that are underpinned with 5G and that means new and diverse attack surfaces. The combination of 5G and IoT will make security a priority for a growing number of organizations and they will need to rethink their approach. 

At its core, it’s about creating a secure foundation for innovation and maximizing the potential of 5G and IoT. That’s a journey that many organizations are on already, but 5G will accelerate investments in IT security and the development of IT security strategies.     

With smart cities on the horizon, such as the Kingdom’s plans to build Neom Smart City, what can governments do to ensure the safety of these advanced Internet-powered cities?

The KSA has been proactive in its approach to cybersecurity. It has recognized that cybersecurity is critical to the growth and development of its digital economy and that extends to smart cities. 

For smart cities around the world to not only survive but thrive, governments need to make sure they are providing reliable, wireless connectivity throughout. However, it needs to be done in a safe and secure way. 

Governments need to maximize their security intelligence by gaining visibility into all parts of their network, whilst simplifying the Security Operation Center (SOC) experience so their analysts can respond to threats faster. With new technology, governments can save resources, increase the value of their investments, choose scalable and flexible deployment options and create road maps to advance their cybersecurity journeys.  

Can you please breakdown automation in cybersecurity and its benefits?

Automated incident response tools handle sensitive customer data, preventing attackers from gaining access to potentially damaging information, and causing reputational detriment and distrust. 

Inefficient communication and lack of resources increase the risk of damaging threats slipping through the cracks. With automated incident response tools you can guarantee that all prescribed steps are taken, and in the same order, ensuring nothing is missed. However, if your organization maintains an informal SOC and has limited resources, you may be facing delays in responding to incidents or threats could be going unnoticed. Using incident response tools can save time which can be directed to more pressing workflows and alerts can be handled by fewer people.

With constant change in the industry and an increasing landscape of cyberthreats, security teams have a lot on their plate. It takes longer to separate real threats from the false alarms and the amount of time spent on routine data gathering increases Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR). Using automation incident responses can limit the exposure of false alarms, enabling analysts to pay more attention to critical threats and increase the aggregation of data, putting the relevant details in front of the right people.

Not having an efficient plan in place can easily cause panic when things go wrong. Automating IR not only allows for the decision-making process to be expedited in the event of an attack, but also ensures that the right decision-makers are clearly outlined which minimizes overlap. With more visibility and elimination of blind spots, you will not only improve your security operations efficiencies, your team can operate with much more confidence when securing the organization’s data.

Does LogRhythm have any plans to expand its services beyond Saudi Arabia, and into the GCC as a whole?

We serve organizations across India, the Middle East, Turkey and Africa, which we call iMETA. This is the region that I cover. While these markets are quite diverse, they share similar cybersecurity challenges. Across the Middle East, we’re active with both channel partners in markets like the UAE and Egypt while serving direct customers that span iMETA. This is a dynamic and growing region that understands the value of robust cybersecurity and with local markets that have big ambitions for their digital economies. 

What sets LogRhythm apart from its competitors?

We are a world leader in NextGen SIEM. We empower organizations across six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. 

Our platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation and orchestration (SAO) in a single end-to-end solution. We are also the only provider to earn the Gartner Peer Insights’ Customer Choice for SIEM designation four years in a row.