“Lots of companies come at them with security solutions, but what they tell me they’re missing is somebody who can deal with the consequences of a breach,” said Jimmy Sheahan, managed services director at Ergo. “We all know at this stage that the best security in the world is not going to be 100 per cent effective in the face of fast-evolving cyber threats, so the second phase becomes enormously important.”
There are horror stories of how zero-day vulnerabilities enable hacker activity to go undetected inside organisations for months. Failure to mitigate the risks leaves them exposed to reputational damage and increasingly onerous penalties. Coming into force in 2018 is the new EU General Data Protection Regulation (GDPR), whereby breached organisations that leak data risk fines of 4 per cent of annual turnover.
Proactive threat Management
Ergo has added another layer to its managed security service offering by providing a proactive threat management service. After correlation and analysis of an intrusion, Ergo is now able to dig down into a breach to make sure it never happens again, culminating in a full report to the client on what occurred.
“With an audit trail of everything that happened, we are not only able to eradicate the threat but shut down the vulnerability that allowed it to happen in the first place,” said Sheahan. “It’s about putting organisations on the front foot and making them more proactive in the war against cyber crime.”
By way of example, he describes how a trojan was detected inside a customer’s Citrix farm. “We observed a pattern of irregular activity through our threat management platform. We put the organisation on red alert, which in turn alerts our managed services team who kick into action,” he explained. “Within an hour, we had it under control. Within 48 hours, we had carried out the audit, identified the source of the breach and prevented it from happening again.”
From the moment an intrusion is detected, Ergo maintains constant communication with its client. The audit and reporting piece become particularly important for understanding the full consequences of the event. “You might be detecting a threat that has been in the system for weeks, so the client needs to know exactly how long it’s been breached. If they’re in financial services, for example, there are compliance responsibilities that will depend on our audit,” he said.
Analytics, correlation and reporting is just the top layer in Ergo’s holistic approach, which Sheahan describes as an “actionable lifecycle” around security. It’s built into the day-to-day ICT operations that Ergo delivers to customers as a managed service. The baseline is methods of minimising the threat footprint – patch management, perimeter security, hardening of servers and other hardware to make sure they are robust and thoroughly tested for vulnerabilities.
“These are rudimentary procedures but the reality is that they are often poorly executed,” warned Sheahan. “Security surveys always highlight how organisations struggle to do the basics. We put that right as step one and then concentrate on the bigger challenges.”
Improving what you have Ergo also provides a consultancy piece around compliance and the people part of the security process, setting up policies and procedures, training employees to make sure they are properly implemented.
The good news for organisations struggling with the complexity of the never-ending security battle is that Ergo can step in at any stage and improve what they have. The proactive service layer and the consultancy piece can be wrapped around existing systems and make them better. Or companies can come to Ergo for a root-and-branch overhaul, leveraging the software tools and appliances it configures and integrates for an end-to-end solution.
Leading security vendors like Checkpoint, Sophos and McAfee are all part of the Ergo armoury. Microsoft is in there too, including its enterprise mobility management suite for securing the perimeter around an increasingly mobile workforce.
“Our starting position is process oriented, but we support it with a rich technology capability. We’re not prescriptive about what our customers use for security; we can integrate with just about any product set,” said Sheahan, “but we have built up ways of integrating security solutions with processes and policies in an actionable lifecycle around security that we believe is second to none. We’ve made the whole concept of security-as-a-service a reality.”
The traditional Managed Print Service revolved around optimising devices; paper audit trails through pull print solutions while incorporating an on-premise...Read now
In an ever-changing world of automation and end user enablement, Microsoft seem to just keep churning out more and more...Read now