Traditional security defences may prove inadequate for effective GDPR strategies, warns Aruba
Source: Procre8 for Aruba , Author: Posted by BI-ME staff
Posted: Mon June 4, 2018 1:54 pm

UAE. Companies risk falling foul of incoming GDPR regulations by relying on existing, piecemeal security measures, according to a new whitepaper published today by Aruba, a Hewlett Packard Enterprise company.

The majority of existing defences, which use pattern matching techniques to find threats, are unable to detect new attacks that use legitimate user credentials to access sensitive information, meaning that companies risk not be able to detect and report a breach within the 72 hours stipulated by GDPR, says the whitepaper. The resultant fines can amount to €20 million, or four percent of annual turnover.

However far from calling for existing systems to be replaced, Aruba´s whitepaper suggests that these products remain essential as part of an effective GDPR strategy. Rather, it highlights the need to complement these defences with an additional layer of monitoring that utilises new types of attack detection, such as machine learning, to analyse the entire network collectively, and find the very small changes in activity that are indicative of an attack.

“Personal information is absolute gold dust for attackers, because it can quickly be sold on the Dark Web” said Morten Illum, VP EMEA at Aruba. “It´s almost certain that your business will see its personal data targeted in future, and attackers will appear to be a trusted user while they are carrying out their work. Without using automation tools to spot the unusual activity that’s going on, it could take months to detect what´s going on. And that´s bad news both for your customer relationships, and your GDPR strategy.”

As hacks become increasingly sophisticated and often spread out over many months it’s very difficult for security teams to identify small anomalies in how a device is accessing the data stored in an application. The Aruba 360o Secure Fabric offers a combination of network access control capabilities to view the millions of devices accessing the network, and provide policy-based, device-specific access that can significantly limit access to user personal data.

The solution also includes the new Aruba IntroSpect, which uses machine learning to determine where personal data resides, and search the entire network for anomalous activity that could indicate a potential security breach. IntroSpect uses this learning to generate ‘risk scores’ for each connected user, device, system and database, focusing the attention of IT and security teams and ensuring future attacks do not go unnoticed.

Reports from users of IntoSpect have shown that new threat investigations have been completed 30 hours quicker than previously-used systems, a significant reduction in the fight to meet the 72 hour reporting deadline of GDPR.

“There is no single product or combination of security solutions that can guarantee GDPR compliance”, continued Illum, “so it´s time that we bring existing solutions together. A holistic GDPR strategy can only be achieved if the security teams have the right tools to do their job. We think a single view of the network, and the ability to automatically create new policies based on incoming activity, is our best chance of staying ahead.”

To download the whitepaper in full click here.

Photo Captions:
1. (above)  Morten Illum, VP EMEA at Aruba
2. (inset)   For illustration purpose only (File photo)

About Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company, is a leading provider of next-generation networking solutions for enterprises of all sizes worldwide. The company delivers IT and cybersecurity solutions that empower organizations to serve the latest generation of mobile-savvy users who rely on cloud-based business apps for every aspect of their work and personal lives.

To learn more, visit Aruba at http://www.arubanetworks.com. For real-time news updates follow Aruba on Twitter and Facebook, and for the latest technical discussions on mobility and Aruba products visit Airheads Social at http://community.arubanetworks.com.

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: September 25, 2018
UAE. McAfee researchers analyze cryptomining malware trend, Windows 10 Cortana vulnerabilities, blockchain attack vectors, mobile billing fraud apps, and the weaponization of vulnerability exploits; Cryptocurrency mining malware increase 86% in Q2 2018.
date:Posted: September 24, 2018
INTERNATIONAL. Digital Transformation Barometer finds better security needed to harness the positive potential of AI and mitigate risks of malicious attacks.
date:Posted: September 21, 2018
UAE. Analysts to explore AI developments and influence on businesses at the Gartner Symposium/ITxpo 2019, March 4-6 in Dubai, United Arab Emirates.
UAE. McAfee researchers analyze cryptomining malware trend, Windows 10 Cortana vulnerabilities, blockchain attack vectors, mobile billing fraud apps, and the weaponization of vulnerability exploits; Cryptocurrency mining malware increase 86% in Q2 2018.
dhgate