3.1 C
London
Saturday, November 18, 2017
Home Tags DLP

Tag: DLP

9th November 2017 - XYZprinting, the world’s leading desktop 3D printer brand, have announced a new strategic alliance with Digital Wax Systems (DWS) as part of its expansion into the industrial and commercial 3D printer market.The partnership wi...
As companies amass more data, they're looking for flexibility in how they identify and protect sensitive information, Google says.
The security vendor bolsters the endpoint detection and response capabilities of its Endpoint Threat Platform with the addition of data loss prevention in a bid to reduce risk.
Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t.

At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud. At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While some of the features, such as Key Management Service, is similar to the security tools AWS has already rolled out (in this case, the AWS Key Management Service), others, such as DLP API for GCP (Google Cloud Platform), go beyond the infrastructure to protect individual applications.To read this article in full or to leave a comment, please click here
Fredrikstad - 9th February 2017. norxe, the Norwegian manufacturer of DLP projectors, will be exhibiting at ISE 2017.This exciting new startup will demonstrate two P1 projectors on a Partner booth in Hall 12, stand N-44.In addition, the company is delighted to announce the appointment of Iain Ambler as Head of Business Development for the UK.
Iain will be attending ISE along with the rest of the norxe team.
Iain‘s appointment is the latest in what... Source: RealWire
Google today bolstered its G Suite of productivity apps with new controls and tools for IT professionals.

G Suite administrators now have more access to control security key enforcement, data control with data loss prevention (DLP) for Google Drive and Gmail, and additional insights by connecting Gmail to BigQuery, Google’s enterprise data warehouse designed to enable SQL queries, according to Google.All of the changes, which are live today, are designed to elevate G Suite for the enterprise, especially among companies that need more confidence in the controls they can maintain over corporate data, according to Google.To read this article in full or to leave a comment, please click here
When I talk to IT managers, I almost always hear fears of mobile devices as conduits for sensitive corporate data to leave the company.
I don’t know why I keep hearing this.

There’s simply no evidence to support this fear.
In fact, there’s solid evidence that says mobile devices are not a significant—or even moderate—risk factor. Every year, I check the Identity Theft Resource Center’s database of personally identifying information (PII) breaches, which require disclosure by both state and federal laws.
I’m sure many losses go unreported, and the database doesn’t cover corporate information not containing PII.

But if mobile devices were a conduit to data loss, they should show up in this database. Mobile-linked breaches haven’t shown up in previous years, and they didn’t show up again in 2016—despite the fact that nearly everyone these days uses a smartphone. What does show up? Paper records, thumb drives, external hard drives, laptops, hacks into databases and storage systems, and successful phishing attempts. Many of the reported breaches involve lost papers, drives, and laptops, where a data thief probably wasn’t involved.

But many involve active hacking of IT systems where data theft is the goal.

And some involve insiders (contractors and ex-employees) steal data to use themselves, bring to new employers, or—least often—sell to others. None of the lost, stolen, or compromised devices were smartphones or tablets.

That’s probably because encrypted devices need not be reported; they’re presumed safe. iPhones and iPads have long encrypted their contents, and professional-grade Android devices have done that in recent years.
In both cases, a simple IT policy can enforce that encryption.
It doesn’t take a fancy mobile security tool; Microsoft Exchange can do the trick. Well, there was one data breach involving a smartphone: A former hospital manager, after resigning, took patient-identifying information by forwarding certain documents such as patient lists to her personal email account.
She had work email set up on her personal smartphone—a common BYOD scenario—and simply forwarded the work emails to her personal email account.

That’s not a mobile-specific issue—she could have done that from a work computer or a home computer. IT’s remedy for this case is the same no matter the device running the email app: Use restricted email accounts where possible and data loss prevention (DLP) tools where not to identify and perhaps prevent such odd email usage.

And don’t distribute PII or other sensitive information in routine documents in the first place! Also not in the breach list were the cloud storage services that IT managers fret about after they’re done worrying about mobile devices: Apple iCloud Drive, Box, Dropbox, Google Drive, and Microsoft OneDrive. But that omission may be misleading because if a lost (unencrypted) laptop has stored the access credentials for such services—which is common—then the data on that cloud drive is available to a data thief, just as the locally stored data is.

The Identity Theft Resource Center database doesn’t go into great detail of each case, but because a lost (unencrypted) laptop is presumed to be a data breach, that breach extends to any data on that laptop, including cloud-accessed data. Still, we didn’t see cases of these popular cloud storage services as the specific vector of a data breach—despite frequent IT fears to the contrary. In this day and age, IT pros have plenty of security threats to deal with.

Active hacking is the biggest threat, of course, and should get the lion’s share of the resources. The client side should be addressed but not dwelled on. Of the clients in use, mobile is the least risky.

Based on the actual risks, a good place to start is securing laptops, then external drives that people use when they don’t have access to a corporate cloud storage service.

Those devices compromise the biggest client risk.

Encryption is your main line of defense for these devices—for cloud storage, too. For the much smaller risk posed by mobile devices, mobile management tools are both mature and effective; there’s no excuse not to have them in place already.
WatchGuard Wi-Fi Cloud delivers automated wireless threat prevention with interactive engagement and analytics18 October 2016 – WatchGuard® Technologies has announced WatchGuard Wi-Fi Cloud, a secure, scalable and feature-rich Wi-Fi management platform with a new family of high-performance, cloud-ready access points.

Deployed together, this next-generation secure wireless solution delivers a sophisticated Wireless Intrusion Prevention System (WIPS), while turning Wi-Fi hot spots into powerful consumer research, analytics and push marketing tools. WatchGuard WiFi logo Architected from the ground up to focus on ease of deployment and administration, the WatchGuard Wi-Fi Cloud simplifies even the most complex aspects of Wi-Fi management, making fast, secure and intelligent Wi-Fi accessible to organisations of all types and sizes. WatchGuard Wi-Fi Cloud delivers high-quality wireless performance, while ensuring consistent security policies across all connected devices, even at remote locations.

The patented WIPS technology built into WatchGuard’s new cloud-ready AP120 and AP320 access points automatically classifies wireless devices as Authorized, Rogue, or External, resulting in a very low false positive rate.

This advanced rogue detection process can safely and automatically shut down unauthorised access points and clients, while nearly eliminating the risk of illegally interfering with neighbouring wireless networks. “Today’s savvy businesses realise that safe and reliable Wi-Fi is a basic requirement, but many SMBs and distributed enterprise organisations struggle to deliver it. We’ve developed a comprehensive solution that dramatically simplifies how businesses deploy and manage wireless, while at the same time elevating Wi-Fi security standards,” said Ryan Orsi, director of wireless products at WatchGuard. “In addition to security, the WatchGuard Wi-Fi Cloud makes it easier for organisations to turn Wi-Fi into an extension of their brand, an interactive experience for their customers and a powerful analytics tool.” WIRELESS SECURITYMost traditional wireless network management solutions fail to stop rogue devices from connecting to their networks or block threats like wireless denial-of-service attacks.

Current WIPS technology delivers a high rate of false positives, incorrectly categorising neighbouring hotspots and innocuously connected devices as malicious, which creates unnecessary frustration and end-user complaints. In addition to automatically detecting and disabling rogue wireless devices and attacks, WatchGuard’s industry-leading WIPS also provides customers with: Secure Bring Your Own Device (BYOD) Policy Enforcement – automatically identifies on-network smart devices and blocks unapproved connections. Accurate Location Tracking – pinpoints the location of connected wireless devices or sources of interference, enabling administrators to quickly take action. Flexible Deployment – deployable in configurations to meet any security need.
It can be installed as an overlay on top of an existing WLAN infrastructure or as a stand-alone enforcement system for Wi-Fi prohibited zones. Customers can easily and cost effectively run all of their wireless network traffic through one of WatchGuard's leading network security appliances, thereby providing the same AV, IPS, web filtering, spam blocking, application control, APT blocking, data loss prevention and reputation lookup techniques to wireless traffic.

This protects them against malware planting, eavesdropping and data theft and prevents inappropriate or illegal use of their network. INTERACTIVE ENGAGEMENT AND ANALYTICSThe Wi-Fi Cloud provides visibility into marketing data, including insights into footfall and customer demographics visualised on customisable dashboards. Organisations can easily monetise these insights by tapping into the mobile engagement features, which allow direct and customised communication with individual customers in the form of SMS, MMS and their social network of choice. WatchGuard Wi-Fi Cloud management features also include: Custom Splash Pages and Social Wi-Fi Engagement – captive portals allow businesses to personalise customer Wi-Fi experiences by offering promotional opportunities, surveys and strong authentication through Facebook, Twitter, LinkedIn, Instagram and other social applications. Mobile Engagement – delivers custom messages to customers via SMS, MMS, and social networks, based on predefined triggers including user interaction and length of time on-network. Wi-Fi Analytics - data is collected via passive scans, active scans and user connections in and around your Wi-Fi networks.

Analyses and conceptualises this data to provide insight into traffic patterns, behaviour and demographics of your Wi-Fi users, in addition to generating a visual map of foot traffic patterns on a floor plan. “There is a strong demand among our customers for widely deployable, cloud-enabled solutions and we are excited to add WatchGuard Wi-Fi Cloud to our portfolio,” said Ian Kilpatrick, director at Wick Hill. “This new Wi-Fi cloud functionality expands our ability to sell more to existing customers and to reach brand new customers.

Additionally, Firebox and Wi-Fi Cloud installations will increase partners’ service revenues.

This represents a big win for everyone.” ADDITIONAL RESOURCES: AVAILABILITY:WatchGuard Wi-Fi Cloud subscriptions, along with the AP120 and AP320 are available now.

Customers can purchase them as a stand-alone solution, or as part of a holistic configuration that routes traffic through a Firebox or XTM appliance, to extend best-in-class security services like APT Blocker, WebBlocker, and Gateway AntiVirus into their wireless environments.

For more information, visit https://www.watchguard.com/wifi. About WatchGuard Technologies, Inc.WatchGuard® Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide.

The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America.

To learn more, visit WatchGuard.com. For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page.

Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Contacts:Rowena Case, WatchGuard Technologies0203 608 9070, ukmarketing@watchguard.com Peter Rennison, PRPR01442 245030, pr@prpr.co.uk
Bad guys use common techniques to steal data, while companies focus too much on sophisticated attacks, according to the second annual Hacker's Playbook, based on an analysis of nearly 4 million breach methods. Security professionals are figuring out how to block attacks from state-sponsored, advanced, persistent adversaries, said Itzik Kotler, CTO and co-founder at penetration company SafeBreach, which produced the report. "But if you look at the different hacks, they're not all carried out by nation-states," he said. "They're carried out by script kiddies and cyber criminals." In fact, while conducting penetration tests on behalf of its customers, SafeBreach found that old standbys are extremely effective. There are few adversaries skilled enough to create zero days.

The majority of attackers use and reuse common techniques -- which is exactly what SafeBreach did when running its penetration tests. Corporate environments typically offered many exfiltration channels, including HTTP, IRC, SIP and Syslogs. Take, for example, Internet Relay Chat which dates back to before the Web was invented. "It is not sophisticated at all," he said. "And, to our knowledge, it has no business value.

But it can still be used to initiate a connection out of a company and carry data." Syslogs are event logs from network and security products sent to external aggregators for consolidation and analysis -- and are usually not scrutinized by security.

They should be limited to specific servers, encrypted, or sent via a VPN tunnel. Simiarly, SIP, which is used for voice-over-IP communication sessions, needs to be limited to specific, pre-identified servers. And HTTP is the most common type of outbound traffic, and is the easiest protocol to take advantage of, according to SafeBreach.

These communications need to be monitored and inspected by data loss prevention platforms. When it comes to getting into a company in the first place, companies are still not locking down many common approaches. For example, executable files in attachments were successful in a quarter of all attempts.
So were Microsoft Office macros and visual Basic scripts. And one of the oldest tricks in the book -- encrypted zip files downloaded via HTTP -- still works. The kinds of files should be limited by policy or inspected by next-generation firewalls, SafeBreach recommended. And the top five most successful malware kits have been around for a year or more, including Citadel, Dridex, Hesperbot, SpyEye and Cryptolocker. Finally, human error was a common problem.

The most damaging mistake was misconfiguring malware sandboxes and proxies.

For example, sandboxes were often not set up to cover all ports, protocols, file formats, and encrypted traffic.

And misconfigured proxies allow attackers to move laterally within corporate networks. This story, "Enterprises outsmarting themselves with security, while attackers easily use common techniques" was originally published by CSO.
Don't just accept the defaults and hope for the best Wherever you look there's yet another SME or enterprise migrating to Office 365.

This says a lot for the attractiveness of cloud-based office suites, and perhaps it also says something about the attractiveness of letting someone else look after one's SharePoint and Exchange servers rather than having to fight with their maintenance and upkeep internally. It also says a lot about the security of the platform: if there were any serious concerns there wouldn't be so many people using it (the figure I have to hand cites 60 million business customers as of spring 2016). What this tells us, though, is not that it's the Fort Knox of cloud-based office software: it merely says that it's secure enough for commercial organisations to accept it into their infrastructure.

Any system has scope for improvement, or for the user to layer further security mechanisms on top to make the setup even more attractive.
So what does Office 365 give us, and what can we do to take it further, security-wise? Underlying directory services One of the reasons people tend to trust Office 365 is that it's based on the directory service that everyone knows and is familiar with: Active Directory.

Cloud-based AD integrates with its on-premise peer very straightforwardly, and although in the past one tended to use outward federation (that is, AD was hosted and managed in-house and federated/synchronised to an external AD server) the story is now far more bi-directional, so you can manage the AD setup either internally and externally and it'll sync in either direction. Let's face it, it's difficult to criticise the fundamental security capabilities of a cloud-based AD setup because we've all been using it in-house for years and years. Securing other apps The other benefit you get if you adopt the Enterprise Mobility Suite on top of Office 365 is the ability to bring the user authentication of a variety of apps into a single user database.
Interestingly EMS gives you more than you'd be able to do with an in-house AD setup.
So as well as providing native AD authentication you can point all manner of other stuff at it – ODBC lookups, LDAP queries, Web services and of course other native AD servers.

But more interestingly there's a pile of specific support for a wide range of popular cloud-based apps (Salesforce is the one that's generally cited, so let's not buck the trend) and so you can move away from your plethora of separate user databases and toward a single integrated directory service. Two-factor authentication The problem with centralising your authentication, though, is that the impact of a breach on your central authentication database is far greater than a breach on a single application's own internal user database.
So the first thing you'll probably want to add to your Office 365 setup is two-factor authentication (2FA).

To be fair to Microsoft they do provide a 2FA mechanism of their own, but many of us already use third-party 2FA (RSA's SecurID is probably the best known, though more recently I've used Symantec's VIP offering) and it's understandable to want to stick with what you know.

And without trying to sound disparaging to Microsoft, there's something to be said for picking a different vendor for your 2FA in the interests of putting your eggs in more than one vendor basket. Happily the 2FA vendors are happy to sell you their 365-connectable offerings as they're becoming nicely established and stable. Edge protection We mentioned earlier that managing your own in-house Exchange setup can be something of a chore, and quite frankly who can blame you for wanting to ship it off to the cloud for Microsoft to look after it? I've seen it done more than once, and the relief on the faces of the mail server admins was palpable.

But I also wouldn't blame you for considering persevering with and potentially even expanding some or all of the edge protection you have for inbound email – it's been common for many years to adopt a hosted anti-malware and/or anti-spam offering and to funnel all your inbound email through it on its way to the Exchange server.
So of course Microsoft's mail infrastructure has its own anti-malware mechanisms (and they're very proud of it) but again, by sticking with a third-party offering layered around it you can bring an additional layer of security, visibility and reassurance to yourself and your management. Going in the other direction, Data Leakage Protection (DLP) is also something that you're increasingly likely to need these days, what with the tendency toward accreditations such as PCI-DSS and ISO 27001.

Again there's a selection of DLP tools and policy features with Office 365, but a third-party approach is very much an option. Security monitoring Regardless of whether your installation is on-premise or in the cloud, security monitoring is absolutely critical if you're serious about security.

The market to be in these days is selling Security Information and Event Management (SIEM) software and appliances: storing, collating and analysing log data and the associated response and remediation brings massive benefits, particularly if you're aiming toward some kind of formal security or similar accreditation. Office 365 provides APIs into which SIEM platforms can hook in order to deduce what's occurring in the cloud installation and alert you to potential issues; and as with the likes of DLP and 2FA the vendors of SIEM products are now commonly supporting Office 365 to pretty much the same extent as they support on-premise kit.

Does Office 365 have in-built SIEM? Yes, there are tools that provide you with forensic analysis features and of course there's event logging, but SIEM isn't a core concept for Microsoft and so unless you have a very small setup you'll look to third-party SIEM offerings for the functionality you need, either in a dedicated, targeted SIEM solution from someone like LogRhythm or Splunk or in a multi-function package from the likes of Proofpoint. Backups One of the big differences between the cloud-based world and the on-premise setup is the need for and the implementation of backups.
It's common to decide that the requirement for backups to protect against complete system failure (i.e. disk crashes causing data loss) is much reduced in the cloud thanks to the robust physical implementation of the underlying storage layer.

But remember that physical crashes are just part of the need for backups: the risk of inadvertent deletion of data doesn't go away when you shift the installation into the cloud.

As with some of the other concepts we've mentioned there are built-in tools such as version control and rollback, automatic retention of items in recycle bins, and so on.

But again you're likely to want more, and again you can look to the market as there's a growing selection of options out there. Are we spotting a trend here? We've been talking so far about augmenting Office 365 with security features that don't come as standard, or that do come with the system but are perhaps not so attractive as those of separate products whose developers are more focused on the subject area.

The thing is, though, that aside perhaps from the discussion on backups, little of these supposed shortcomings are unique to Office 365 – they exist in on-premise setups too.

And that makes sense: we're not saying Office 365 is particularly deficient, just that the whole reason all these third party products and services exist is that you can't reasonably expect Microsoft (or any other of your vendors) to have a perfect solution in every specialist field of security as part of its office suite. What do the Office 365 experts think? Aonghus Fraser, CTO at C5 Alliance (), echoes the idea that the service has its own features but they're not the whole story. He notes: “There are a number of areas that should be considered – some are in addition to Office 365 but there are also newer or lesser-known security features or services that can complement that native Office 365 security and cover all bases”. Endpoint security's high on his list. “Whilst there is protection at the server-side for O365 including Exchange and SharePoint Online, it is recommended that a strategy for endpoint protection for devices is implemented.

This can range from leveraging native O365 & Microsoft services such as InTune to ensure that a minimal level of patching and AV is enabled (using Windows Defender) to third party solutions such as Sophos Endpoint which can work on devices and in conjunction with firewalls to detect and isolate compromised devices”. Following up his point about new features that wink into existence, he cites a recently introduced built-in feature: “Advanced Security Management is a new service providing global and security administrators with the facility to detect anomalies in your tenant – alerts for abnormal behaviour, and alerts for activities that might be atypical.

Examples could include logging in from unusual locations, mass download by a single user (suggesting a data leakage risk) or administrative activity from a non-administrative IP address”. The non-technical elements Our original request to Aonghus was for three observations, of which we've just mentioned two; the third is non-technical but absolutely key. He states: “It is essential to ensure that business policies are regularly maintained in line with Office 365 capabilities such as Multi-Factor Authentication and Data Leakage Prevention in order for security to be optimised whilst taking into account employee productivity”. It's key to ensure your business is able to work effectively and in a governed way as you evolve into the cloud world: “An understanding of the implications on users of implementing some security measures is essential to ensure that users are well-informed and do not try to bypass the measures due to lack of understanding or usability or productivity being severely compromised.
If the measures are too draconian users will find a way to circumvent them; business decisions need to align with the security recommendations in order for the right balance to be achieved”. People as a problem Aonghus touched on the issue of ensuring that staff are well informed and don’t try to side-step security measures, but it’s worth remembering that even with a strong staff awareness programme there’s still a risk of inappropriate inactivity.

And you can’t really blame your staff for falling for the occasional phishing attack: some are so sophisticated that even the most aware staff member will be taken in eventually. As Joe Diamond, Director of Cybersecurity Strategy at ProofPoint puts it: “The level of social engineering to craft a convincing lure is what makes phishing so successful. We see this used across attacks that use malware, and those that don’t – such as business email compromise spoofing attacks and phishing for credentials”. Joe continues: “While end user education serves an important role, you cannot rely on it.

Focus on where your users digitally communicate the most – email, social sites, and mobile apps – and put in the protection needed to shield advanced attacks from ever reaching your end users”. As for the complexity of attacks these days: “The attack on customers of National Australia Bank that Proofpoint recently identified is a perfect example of how to the naked eye, the emails and links were virtually indistinguishable from legitimate bank communications.

The email content tricked recipients into entering credentials to verify their account and provide accounts details, before redirecting to the legitimate banking site.

The URL [looked] legitimate, but a letter was swapped with Unicode and encoding in the URL hid suspicious code”. In short Like any system of its kind, Office 365 is sufficiently secure in its basic form but there's always more you can do – either to make it easier to exploit what it inherently does or to add further layers of protection and reporting on top of what you get “out of the box”. You may decide when you move to Office 365 that you can wind down some of the extras you bolted onto your on-premise system simply because technology's moved on and the inherent provision in Office 365 is good, but any cloud email service is fair game for an attacker because a compromise of a single system serves up multiple victims so you're unlikely to want to throw away all the extras that can help you provide a layered security model as you evolve to a cloud setup. Oh, and one more thing: moving to the cloud doesn't make you immune from the long-standing tradition of stereotypical bad practice.

Aonghus gets the last word in this respect: “Accepting the default settings without considering whether, for example, the password expiry policy is appropriate is something that is often left – a 'hope for the best' approach or assumption that Microsoft defaults are right for you is not a good strategy where security is concerned”.

Amen. ®
Nuvias acquires value-added distribution business in DubaiLondon, UK: 7/9/16: Specialist EMEA distributor, the Nuvias Group, announces it has added a fourth region, MEA, to its regional EMEA structure.

The other three Nuvias Group regions are Northern, Central and Southern Europe. Paul Eccleston Head of Nuvias Group Nuvias has acquired SCD, a distributor operating out of Dubai.

The new office will now act as a hub for Nuvias’ MEA activities, covering all parts of the Gulf Co-operation Council[1] (GCC) area, Pakistan and Afghanistan. This is the latest development in the strong growth and development plans of Nuvias, which was established in July 2016. Nuvias is building an EMEA-wide, high-value, specialist distribution business, with a common proposition and consistent delivery.

The strategy is to redefine value distribution to the channel, enabling the channel and vendor community to deliver exceptional business value to their customers and creating new standards of channel success. Also being announced today is the setting up of the Nuvias Cyber Security Practice at the Dubai office, which includes vendors Unitrends (cloud empowered continuity solutions), Malwarebytes (advanced malware prevention and remediation), Black Duck (open source security and management) and Netskope (cloud data loss prevention). Other recent vendor signings for Nuvias in the MEA region include JetNEXUS (load balancing), Lifesize (videoconferencing) and Tintri (VM-aware storage for virtualisation and the cloud). Nuvias has already recruited several new staff for the MEA office bringing the current total up to 16.

These include recent recruit Muneeb Anjum, the new sales director.

Anjum has twelve years’ experience in the IT sector, with a proven track record in managing channel partners across the Middle East and extensive experience in successfully introducing new solutions to market. Paul Eccleston, head of Nuvias Group, commented: “We are delighted to be announcing today the opening of our Middle East and Africa (MEA) region, completing our regional coverage of EMEA. MEA is a very important part of the region and a significant opportunity for us, our vendor partners and our customers. “We have been working hard to bring the cyber security, advanced networking and unified comms capability of Wick Hill and Zycko to this region. With the acquisition of the business in Dubai, operating across the region, and the recruitment of Muneeb Anjum, which will be followed by further additions to the team very soon, this is an exciting development for Nuvias and we look forward to bringing more capability and vendors to the region quickly.” Alasdair Kilgour, regional VP MEA for Nuvias, commented: “It's both exciting and a privilege to be part of the Nuvias team and I look forward to leading the growth of the business across MEA and beyond. We will do this firstly by enabling our vendor partners locally to experience the same high standard of value-added service they already receive from the Group across Europe; secondly by expanding our channel partner community through our solution distribution philosophy; and thirdly by geographic expansion. We are exhibiting at Gitex in October at the Dubai World Trade Centre, which will give us a great platform to show the industry what Nuvias in the MEA region can offer.” [1] Gulf Co-operation Council (GCC)A regional, political organisation consisting of six middle eastern countries – Saudi Arabia, Kuwait, the United Arab Emirates, Oman, Qatar and Bahrain. About Nuvias GroupNuvias Group is the pan-EMEA, high value distribution business being built by Rigby Private Equity (RPE), to redefine international, specialist value distribution in IT.

The Group provides a common proposition and consistent delivery across EMEA, allowing channel and vendor communities to deliver exceptional business value to customers, and enabling new standards of channel success. The Group today consists of Wick Hill, an award-winning, value-added distributor with a strong specialisation in security; and Zycko, an award-winning, specialist EMEA distributor, with a focus on advanced networking.

Both companies have proven experience at providing innovative technology solutions from world-class vendors, and delivering market growth for vendor and reseller partners alike.

The Group has fourteen regional offices across EMEA and turnover is in excess of US$ 300 million. ENDS For further press information, please contact Annabelle Brown on +44 (0) 1326 318212, email abpublicrelations@btinternet.com. Wick Hill https://www.wickhill.com/ Zycko http://www.zycko.com/
Most security tools are focused on keeping external attackers at bay.

But what about the sensitive data that lives inside your network? How do you make sure it doesn't get out, either intentionally or by accident? That's where Data Loss Prevention (DLP...