Ransomware Attacks Remain an Ongoing Issue for Enterprises

In an exclusive interview with Arabian Reseller, Dimitris Raekos the Business Development Manager for MEA at VMRay talks about the threat landscape in the region, VMRay’s presence in the region, the COVID-19 impact, and lots more

What sort of threat landscape, both current and emerging trends, have you seen in the region and how are they evolving?
Ransomware attacks remain a continuous issue for enterprises, especially when it is part of a targeted attack, the actual ransomware is usually deployed after the attackers have an understanding of the victim’s network, often weeks or months after gaining the initial foothold.  The problem becomes more serious when cybercriminals steal the data to potentially expose them to public servers. These types of attacks where the cybercriminal remains idle for some time are not limited to ransomware attacks.

Apart from ransomware attacks, what are the other concerns most responsible for raising anxiety levels?
Most of the attacks start via an email, therefore phishing attacks combined with user awareness issues or negligence are a big headache for cybersecurity teams. If we also combine the continuous cyber-warfare via APTs and pandemic drivers for mass remote working, cybersecurity teams become very challenged as to their current security approach and especially in the Middle East was totally different.

It is very important to be able to detect those attacks during the incubation period and this can happen with premium threat detection and analysis technology like VMRay. Problem is that traditional or technologies using the marketing term next-gen are not be able to detect sophisticated or unknown adversaries. Sophisticated threat detection and analysis technology is required to cope with sophisticated threats.

Tell us about VMRay and its products and solutions.
VMRay is a comprehensive malware analysis and detection platform from Germany that combines reputation, static analysis, and unique sandbox technology. We empower teams to deepen their insight into malware behavior, streamline investigations, and enhance their incident response. Our clients include MSSPs, Technology companies, and Enterprises having dedicated security teams and SOC.  Our solutions augment the wider security ecosystem as we integrate via out of the box connectors or REST API, this includes but not limited to EDR, SOAR, SIEM, and Threat Intelligence Platforms.

We could say that our biggest technological advantage is that malware cannot evade detection when detonated in VMRay’s environment. Advanced malware often tries to evade and change behavior when inside a sandbox environment however we remain invisible as we use an agentless approach and hardware virtualization. The hypervisor level monitoring apart from better detection provides full visibility on the target system comparing with technologies used by other vendors like hooking or emulation.

Tell us about your role at VMRay.
VMRay recently decided to expand and develop a global partner ecosystem, part of the procedure is to add more resources. I have decided to accept the challenge and develop the markets of the Middle East and Africa by appointing highly specialised cybersecurity partners in a 2-tier distribution model and creating the required market demand. Definitely will be very tough with current circumstances but due to our strong technology the initial signs are very positive, especially for cybersecurity experts faced difficulties with evasive malware or those looking to automate their analysis and incident response.

Which markets will you cover from Dubai?
We initiated our presence in the United Arab Emirates in August, in order to develop and manage the Middle East and Africa markets. Despite the fact that we didn’t have an active presence in the region in the past, we already have partners and clients from our headquarter team efforts.

When you speak to partners and customers, what are the key security challenges they are facing today?
We typically speak with large enterprises having a SOC and Managed Security Services providers offering relevant services. One of their main challenges is that they have to spend a lot of time investigating incidents and determine what sort of response should be taken due to poorly automated analysis methods they use. However their biggest challenge, despite the fact that they have so many layers of protection they fall short in the ability to detect highly evasive malware, new attack vectors, and methods.

How has COVID-19 changed security requirements in the region?
It is evident that the COVID-19 pandemic had a heavy impact on security plans and security budgets that were allocated before the COVID outbreak. Many CISOs we spoke confirmed they had to put projects on hold to address the crisis. Ensuring business continuity by quickly scaling up VPN capacity, adding Identity Access Management solutions to enable secure remote work access and authentication was only one of the many challenges.

Cybercriminals saw the pandemic as an opportunity to successfully launch attacks – including business email compromise, home network attacks, and malicious URLs. As the number of attacks increased, the shortage of security staff became more evident than ever before. SOC and Incident Response teams were outnumbered by the deluge of alerts.

The security talent shortage is a problem not to be underestimated in these times. The good news is that VMRay solutions can offload overworked security teams from many tasks, and help less experienced team members to cope with alerts and incidents that would normally require an experienced threat analyst.

Show More

Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button