How CyberKnight And Gigamon Are Shaping KSA's Cyber Defenses
CyberKnight's Mohammad Al-Azzeh and Gigamon's Mark Jow tell Inc. Arabia how their companies are transforming cloud security in the Kingdom.
With Saudi Arabia emerging as a hub for digital transformation and innovation, cybersecurity measures are becoming more vital than ever to protect data and systems from evolving threats.
“Cybersecurity plays a crucial role by protecting critical infrastructure, securing economic assets, building trust, ensuring regulatory compliance, and supporting innovation,” says Mohammad Al-Azzeh, business unit head for network security at cybersecurity-focused value-added distributor CyberKnight.
“In the region, key cybersecurity challenges include threats arising from geopolitical tensions, which often lead to state-sponsored cyberattacks and conflicts,” Al-Azzeh adds. “The rapid pace of digital adoption can outstrip the implementation of effective security measures, creating vulnerabilities.”
Globally, cybersecurity challenges remain rampant, including persistent threats from ransomware, supply chain vulnerabilities, insider threats, and zero-day exploits.
“In Saudi Arabia and the GCC, the biggest cybersecurity threats include state-sponsored attacks due to geopolitical tensions, ransomware targeting businesses and government entities, financial fraud against financial institutions, threats to critical infrastructure such as energy and water, insider threats from employees or contractors, and supply chain attacks,” Al-Azzeh tells us.
Mark Jow, senior director and evangelist at network observability leader Gigamon, notes that, as the threat landscape becomes more sophisticated, it is also becoming more costly. He points out that the cost of a cyberattack for the average business is about US$16 million globally based on recent data.
“The threat landscape is getting far more hostile. If you look at the last five or six years, it’s probably at its highest level ever,” Jow says.
Jow notes that private clouds, which remain widespread, create challenges to protecting data. “Workloads are really being stretched and spread across more places than before. Without the right security solutions, it becomes harder to protect data and workload, whether on a private cloud, a sovereign cloud, or an on-premises data center,” says Jow.
SECURING HYBRID CLOUD ENVIRONMENTS WITH ZERO TRUST
As a key player offering solutions to strengthen Saudi Arabia’s cybersecurity landscape, CyberKnight supports companies through consulting and advisory services and training programs to educate employees and IT professionals about best practices, threat awareness, and incident response.
The company also plays a crucial role in protecting critical sectors, such as energy, finance, and government — all essential to the country’s economic stability and national security. It also helps organizations comply with local and international cybersecurity regulations and standards by utilizing Zero Trust architecture to establish a robust security foundation.
“Zero Trust Security is a cybersecurity model based on the principle of ‘never trust, always verify.’ It assumes that threats could come from both outside and inside the network, so no user or device is trusted by default,” Al-Azzeh says.
Al-Azzeh explains that while hybrid cloud environments provide increased resilience, they come with other vulnerabilities.
“Unlike traditional models that rely on perimeter defenses, Zero Trust requires continuous verification of every access request, regardless of the user’s location. This involves implementing strict access controls based on the principle of least privilege, segmenting the network to limit lateral movement, and continuously monitoring user and device behavior,” Al-Azzeh says.
This, he tells us, improves the ability to detect and respond to breaches and overcomes the limitations of traditional security tools.
STRENGTHENING SECURITY POSTURE THROUGH DEEP OBSERVATION
Another key technology used to fortify the Kingdom’s cybersecurity landscape is Deep Observability, which Gigamon uses to deliver network-derived intelligence to an enterprise’s cloud, security, and observability tools.
“We’re about delivering pervasive, all-inclusive, and complete visibility of all network traffic within an entire hybrid cloud environment, wherever it moves to and from — north, south, east, or west,” Jow explains.
Gigamon uses Deep Observability to monitor everything that moves across the network and examine, optimize, and filter the data. This allows it to efficiently direct data to an organization’s tools to enhance security, optimize applications, and ensure network efficiency. It also helps organizations stay informed about potential threats and maintain operational effectiveness.
“We augment the existing tool technology that people have. Today, that relies largely on metrics, events, logs, and traces with deep network level telemetry and insight — wherever that network traffic flows to and from — to help give them a more complete picture of what’s happening in their organizations,” Jow says.
In hybrid cloud environments, Gigamon enables organizations to cost-effectively decrypt and then re-encrypt data, helping companies optimize operational costs on IT infrastructure.
“We have a solution for private and public cloud environments and container environments that effectively enables organizations to see inside encrypted traffic without spending a fortune on additional CPU load to encrypt and decrypt,” Jow says.
By feeding the right data to the right tools, he explains, Gigamon allows organizations to integrate their solutions with existing tools, optimizing costs.
INTEGRATING CUTTING-EDGE TOOLS IN HYBRID CLOUD ENVIRONMENTS
CyberKnight also leverages advanced strategies and technologies to provide real-time insights into emerging threats and vulnerabilities in hybrid cloud environments. It uses unified security management platforms that consolidate data from security tools and sources to facilitate more effective monitoring and response across on-premises and cloud environments.
“The use of Security Information and Event Management (SIEM) systems enables the aggregation, correlation, and analysis of security events, improving the detection of suspicious activities and speeding up incident response,” says Al-Azzeh.
CyberKnight also integrates behavioral analytics and automated response solutions. This includes Endpoint Detection and Response (EDR) tools to combat threats at the endpoint level. The cybersecurity giant also offers continuous vulnerability management to find and fix system weaknesses before they can be exploited.
Gigamon, on the other hand, democratizes network telemetry by delivering it in multiple formats or styles to security teams, based on their preferences. This makes each team’s tools more effective for network performance, application performance, and security. It also offers a unified, cross-organizational view of security and efficiency.
“The technology that we have actually helps those tools become aligned and better integrated and, as a result, more able to spot weaknesses that are at risk,” says Jow.
One of Gigamon’s objectives, he explains, is to support organizations’ security teams.
“The security teams are still doing all the heavy lifting. We want to help them be a lot more efficient by filtering traffic and augmenting the metric data so they’re not burdened with thousands of false positives or false negatives,” he adds.
These efforts lead to increased productivity and effectiveness, as providing the right data at the right time allows organizations to respond more efficiently and accurately to potential threats.
This article first appeared in the October issue of Inc. Arabia magazine.