Understanding the Benefits of Managed Cyber Services

Phillip Ingram Today, I have the pleasure of speaking with Emanuel Ghebreyesus, who is the strategic account director for the UK Government, nuclear, and Critical National Infrastructure (CNI) with Tripwire. Good to see you this morning, Emmanuel.

Emanuel Ghebreyesus: Thank you for having me, Phillip.

PI: With the increasing complexity of cybersecurity, especially for government organizations and small- to medium-sized enterprises (SMEs), what are some of the best ways to counter threats and increase confidence across the board?

EG: That’s a very good question. There are few things that pretty much everybody in Information Technology (IT) and Operations Technology (OT) security face on a daily basis. Complexity is one of those constants. Because of that, a breach is possible. What organizations can do is work on how to deal with a breach when it happens in a very timely manner. In order to get to that level, those organizations must accept that a breach is a very real risk. They then must take a step back, assess and understand what they currently have deployed, and discuss how they can deal with the event when it happens. My advice is to have the Chief Information Security Officer (CISO) available to answer those questions.

PI: The function of the CISO seems to be expanding over time. How do you view this increasing responsibility in securing an organization against attacks?

EG: A CISO must be able to create a policy with the Board and with the Chief Information Officer (CIO) that the organization can work towards. That policy can include data breach responses and/or directives on how to address vulnerabilities, for instance. The details of that policy will differ depending on how responsibility has been assigned, how many team members are available, what technologies are deployed, and how many of those technologies actually integrate into each other.

Don’t forget that a lot of those technologies are gathering data. So, with that integration, if we throw all this information into one central database where the administrative team must go and search for it, they’re not going to be able to be very effective if a breach happens. The lack of centralized information leaves the organization more vulnerable. So, instead of just throwing all kinds of technology into your current estate, it’s better to have effective solutions. For example, when you’re doing an investigation, you may need a vulnerability management solution, file integrity monitoring solution, a SIEM solution, and/or a ticketing solution. All must support integrations with each other so that you can create one central point of where you view your world.

PI: So, you recommend the right set of integrated tools as a means of easing the burden on security teams?

EG: A lot of people in the industry call this your “pane of glass” into your estate. By understanding exactly what’s going on and through asset discovery, you are given the information of what is out there. Basically, organizations need to look at best-of-breed solutions. The simple fact is that when you have these types of solutions working together, the likelihood is that your IT and OT teams can work together more efficiently to address any issues.

The second element to this is education. There are a lot of people, even within the IT industry, who do not know how their personal devices or risky Internet behavior can compromise an organization. CISOs and administrators have to get things right 100% of the time, but criminals only need the one chance. If they get in there, they will sit quietly and wait for an opportune time to take action.

PI: It seems that the threats and the attack techniques are shifting. What is your view?

EG: We have a lot of different threats with new ransomware strains being created and malicious actors demanding increased payments from hacked organizations. They are very clever criminals. As such, they’ve increasingly set their sights on national infrastructure because everybody, especially the bad actors, know that there are a lot of legacy systems that have not been patched.

PI: I think you’ve covered the challenges in providing cybersecurity solutions. But there’s a debate around looking at different cyber solutions that are dedicated in-house capabilities or that are managed services. Which do you think is better and why?

EG: It depends on the kind of organization that you are. There are pros and cons for any managed service. There are also pros and cons for any organization that is doing everything in-house.

In regards to the pros of managed services, one is that you are getting a team that knows how to do what’s required. They’re always on call, 24 hours a day. The con is that you won’t have that continuous interaction with a managed service provider that you would have with an in-house team, and if something goes wrong and your service-level agreement with that managed service organization is not on point, what is your disaster recovery strategy? Do you have a high availability solution in place so that your business does not just stop? All those topics need to be taken into consideration, but obviously, if you have more professional procurement teams who understand contracts, who can ask those difficult questions of the managed service providers, and who can get down to the nitty-gritty of exactly what the contract should look like, then you get can get that partnership right.

The other strategy of having everything in-house is that you employ the team. If anything goes wrong, you can take action against the incident. But you need to make sure that they’re trained. A company cannot train one person on 75 different applications. It’s a recipe for burnout of the person. However, what you get with an in-house person is a professional who is managing your estate. This helps to ensure that the data is kept where you want it to be. So, there’s pros and cons for both approaches.

PI: How do organizations get the best out of their managed service providers?

EG: “Put us to the test” is what I say. Obviously, when Tripwire are talking with an organization about managed services, all teams are completely engaged with each other—our technical team, research and development team, account directors, managers, and vice presidents. Everybody is engaged because we need to make sure that we fulfill every single thing that the organization needs.

Tripwire’s solutions are very good at doing what they do. They are best of breed. But understanding those solutions as doing exactly what the organization needs is paramount. As long as we put that into the managed service document and the contracts that need to be signed, then we will hit every single point that’s required within that contract.

Our technical support services are also outstanding. We have a 97% satisfaction rate, partly because we are always available to them. If one of my customers has an issue, for instance, I have a direct dial number to the research and development team or product management team. I always have my systems engineer and our consultants with me.

At the same time, we are clear with regards to what we can and cannot do. As such, we advise as we go and talk to our clients about a managed service. We educate at the same time as we provide the service they require.

PI: It’s been a real pleasure to talk to you.

EG: Thank you very much for having me. 

Want more insight from our webinar series? If so, you can take a look at the series on-demand and review the responses of Professor Ciaran Martin, Nicola Whiting MBE, and others by clicking here: https://www.internationalcyberexpo.com/nineteen-group-on-demand.

To learn more about Tripwire’s Managed Services in general, click here: https://www.tripwire.com/services/managed.