As cybercrime-as-a-service models proliferate and adversaries grow more agile, organizations in the Middle East face immense pressure to rethink cybersecurity strategies. Group-IB, a global leader in threat intelligence and cybercrime investigation, is responding with a regional blueprint that emphasizes intelligence-led security, local partnerships, and capability-building.
In this exclusive interview Sanjay Mohapatra, Editor, Enterprise IT World MEA, Ashraf Koheil, Director of Business, META (Middle East, Turkey & Africa) at Group-IB, shares key highlights from GISEC 2025, details of the newly launched Threat Intelligence and Research Centre in Saudi Arabia, and why collaboration—not isolation—is the cornerstone of cyber resilience.
What was Group-IB’s primary objective at GISEC Global 2025?
GISEC Global is more than just a trade show—it’s a convergence point for decision-makers, regulators, and cybersecurity innovators. Our goal this year was to go beyond showcasing products. We wanted to reaffirm our long-term commitment to the Middle East and demonstrate how we’re helping organizations adopt intelligence-driven security strategies.
We presented our flagship offerings—Digital Risk Protection, Threat Intelligence, Managed XDR, and Fraud Protection—but the real message was about localization and enablement. We’re here to co-create security solutions with our partners, not just sell tools.
“We believe in enabling organizations to become proactive defenders, not just reactive victims.” – Ashraf Koheil, Director of Business, META at Group-IB
You announced the opening of a Threat Intelligence and Research Centre in Saudi Arabia. What’s the vision behind it?
This is a major milestone for us. The new Threat Intelligence and Research Centre in the Kingdom will serve as a hub for localizing our global intelligence capabilities. It aligns closely with Saudi Arabia’s national cybersecurity objectives and supports government, law enforcement, and private sector partners with contextual, real-time threat intelligence.
Our vision is to build local capacity—to train defenders who can attribute threats, respond quickly, and even dismantle attack infrastructure. This isn’t just about serving clients from afar—it’s about being on the ground, embedding our expertise, and contributing to the region’s cyber sovereignty.
How do you view the cyber threat landscape evolving in the META region?
The threat landscape here is becoming increasingly dynamic and commercialized. Cybercriminals are adopting business-like structures and offering everything—from phishing kits to ransomware payloads—on the dark web as-a-service.
We’re seeing sophisticated ransomware gangs like LockBit, Clop, and BlackCat targeting critical infrastructure, banking, healthcare, and government agencies. What’s alarming is the reduced barrier to entry. Even low-skilled actors can now execute high-impact attacks by leveraging tools built by seasoned developers.
The response to this can’t be reactive. Organizations must adopt proactive, intelligence-led defense models, which combine threat intelligence with rapid detection and response capabilities.
Group-IB emphasizes “intelligence-driven security.” Can you break this down for CIOs?
Absolutely. Many security programs today are built on known threats and signature-based detection. That’s simply not enough anymore.
Intelligence-driven security means you don’t just detect threats—you understand them. Who is attacking you? What tools are they using? What are their objectives? Our Threat Intelligence, coupled with Managed XDR and DFIR services, gives security teams actionable, context-rich data.
This approach helps CIOs move beyond alert fatigue. Instead of being bombarded with false positives, they get meaningful insights that guide prevention, investigation, and response.
What role do partnerships play in your regional strategy?
Partnerships are the backbone of our strategy in the Middle East. We collaborate with telecom operators, financial regulators, ISPs, national CERTs, and law enforcement agencies across the region.
Cybersecurity is not a solo sport. If an attacker infiltrates one network, that intelligence could help protect ten others. That’s why we facilitate shared intelligence exchanges, takedowns of phishing infrastructure, and joint investigations with public and private stakeholders.
We’re also working on strategic alliances with telecoms and managed service providers to deliver our XDR and DRP capabilities to SMBs and critical infrastructure providers across the region.
What kind of value does Group-IB bring to public sector and national cybersecurity initiatives?
Public sector institutions often need visibility into both local and global threats. Our intelligence provides attribution capabilities, profiling threat actors and tracking infrastructure used in region-specific campaigns.
For national cybersecurity authorities, we support capacity building—training analysts, helping draft incident response playbooks, and deploying forensic and threat-hunting platforms.
We also work closely with law enforcement, helping identify threat actors and support digital forensics for legal proceedings. This bridges the gap between detection and enforcement—something critical for national resilience.
How is Group-IB supporting cybersecurity talent development in the Middle East?
Talent development is one of our key priorities. We’ve seen tremendous enthusiasm in countries like Saudi Arabia, the UAE, Egypt, and Qatar to build domestic cybersecurity skills.
To support this, we run the Group-IB Academy, offering training tailored for SOC analysts, threat hunters, and incident responders. Our new centre in KSA will also provide hands-on labs, simulations, and internship programs to groom the next generation of cyber defenders.
We believe in creating self-reliant security teams who don’t need to depend on external consultants every time something goes wrong.
“We believe in enabling organizations to become proactive defenders, not just reactive victims. That’s how you build cyber resilience in today’s threat environment.” – Ashraf Koheil
What’s next for Group-IB in the META region over the next 12–18 months?
We’re focused on scaling our managed services, expanding our data center footprint to support data residency and compliance, and deepening partnerships across the GCC and North Africa.
We’re also investing in AI and machine learning to enhance detection and threat attribution, particularly around infostealers and ransomware operations. And most importantly, we’re doubling down on regional hiring and training—so the knowledge stays in the region.
Finally, what message would you like to share with CIOs facing increasing cyber risk today?
The biggest shift CIOs need to make is moving from reactive to proactive. Don’t wait for the breach to act. Build intelligence into your security architecture. Invest in people, not just products. And partner with vendors who can empower you—not just alert you.
About Ashraf:
Ashraf Koheil is Director of Business, META at Group-IB. With a deep understanding of cybersecurity operations and regional market dynamics, he leads Group-IB’s growth strategy across the Middle East, Turkey, and Africa, helping organizations adopt intelligence-driven security and build resilient cyber defense infrastructures.
